Skip to main content

Restrict Access by IP Range

By registering a list of allowed IPs, you can restrict user access to your account and the workspaces under it, based on the user’s source IP. This helps prevent unauthorized access from unapproved regions or systems.

Nota

This security control should be considered an additional layer in your defense-in-depth strategy. It should not be considered a primary defense.

Prerequisites

  • You know which IPs your users will be accessing Alteryx Analytics Cloud (AAC) from.

  • You have purchased the Enterprise edition of AAC.

How to Enable the Feature

To enable this feature, you must contact your Alteryx representative.

Enabling the feature may take one or two business days. Once enabled, new settings will be made available to your account.

Configuration

  1. Log into your AAC account.

  2. Go to Settings > Restrict Access by IP Range setting and select Edit.

  3. Select the Restrict Access by IP checkbox.

  4. Within the Whitelist IPs field, enter one or more IPs and/or CIDR ranges.

  5. Select Save.

Nota

You can only update the Whitelisted IP field if your own Source IP is included in the list. This ensures that at least one user from your organization can access Alteryx once it's enabled.

Inputs are validated before the setting is persisted.

  • Only IPv4 is accepted.

  • Only RFC4632-compliant ranges are accepted.

  • 0 or more IPs and ranges can be entered, separated by a comma.

  • A range can be a single IP.

  • Whitespace is not accepted.

Example valid inputs:

  • 198.51.2.0

  • 198.51.2.0/24,198.51.5.0/4

Enforcement

After this feature is enabled and configured, any browser sessions or API calls from an IP address outside the registered IPs or CIDR ranges will be blocked, and authentication will fail. This applies to the entire account, including all associated workspaces.

How to Disable the Feature

To disable this feature, you must contact your Alteryx representative.

Disabling the feature may take one or two business days. Once disabled, source IP will no longer be evaluated when authenticating a user’s browser or API access.