IP-based Application Access
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2025 06:28 AM
I'm wondering if it is possible to limit Application access based on IP Range. For example, if I want to allow only those on our VPN connection to access Security Center.
Note: NOT looking for IP-based Authentication where ONLY whitelisted IPs can login. Assume I want to allow login to the instance from any IP without restriction, but then I want to ensure that the user is on our VPN range before allowing access to a specific application. I see where I can get the session ID:
How to get the client IP of the originating request - Support and Troubleshooting
but then, how would I use that for restriction?
- Labels:
-
Architect

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2025 07:36 AM
When you say limit application, what are you exactly mentioning about?
A portal/page/table/workspace or something else?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2025 07:46 AM
We didn't get into specifics, but the workspace seems a reasonable place to start for Security Center (for example). I can see it will need to be more granular or we just create 'security by obscurity' and folks will 'find another way in'. Restricting at the table level is likely required.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2025 10:50 AM
'Zero Trust Access' is a better option to go with if that suits your requirement.
If that doesn't help your case then you might need to build your own logic and use
gs.getSession().getClientIP()
Accept the solution and mark as helpful if it does, to benefit future readers.
Regards,
Sumanth

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2025 07:38 AM
Hi @BillDavS76
You have to use the Zero Trust policy-based session access feature to achieve this.
https://www.youtube.com/watch?v=NYQ8g4uw12U
https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/integrate/authentication/...
Thanks,
Randheer