IP-based Application Access

BillDavS76 · ‎05-22-2025

I'm wondering if it is possible to limit Application access based on IP Range. For example, if I want to allow only those on our VPN connection to access Security Center.

Note: NOT looking for IP-based Authentication where ONLY whitelisted IPs can login. Assume I want to allow login to the instance from any IP without restriction, but then I want to ensure that the user is on our VPN range before allowing access to a specific application. I see where I can get the session ID:

How to get the client IP of the originating request - Support and Troubleshooting

but then, how would I use that for restriction?

SumanthDosapati · ‎05-22-2025

@BillDavS76

When you say limit application, what are you exactly mentioning about?

A portal/page/table/workspace or something else?

BillDavS76 · ‎05-22-2025

We didn't get into specifics, but the workspace seems a reasonable place to start for Security Center (for example). I can see it will need to be more granular or we just create 'security by obscurity' and folks will 'find another way in'. Restricting at the table level is likely required.

SumanthDosapati · ‎05-22-2025

'Zero Trust Access' is a better option to go with if that suits your requirement.

If that doesn't help your case then you might need to build your own logic and use

gs.getSession().getClientIP()

Accept the solution and mark as helpful if it does, to benefit future readers.
Regards,
Sumanth

Randheer Singh · ‎05-22-2025

Hi @BillDavS76
You have to use the Zero Trust policy-based session access feature to achieve this.
https://www.youtube.com/watch?v=NYQ8g4uw12U
https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/integrate/authentication/...

Thanks,

Randheer