Restrict access to specific IP ranges plugin

  • Release version: Australia
  • Updated March 12, 2026
  • Use the com.snc.ipauthenticator plugin to restrict access to specific IP ranges. Unless public access is intended for the instance, administrators should limit access to their assigned IP net blocks.

    The com.snc.ipauthenticator plugin, when set to true, restricts access to specific IP ranges. Unless public access is intended for the instance, administrators should limit access to their assigned IP net blocks.

    Ensure that the com.snc.ipauthenticator plugin is activated and there is at least one active IP access policy in the IP Address Access Controls [ip_access] table.

    More information

    Attribute: Description
    Configuration name:
    • com.snc.ipauthenticator
    • IP Address Access Controls [ip_access]
    Configuration type:
    • Plugin (/v_plugin_list.do)
    • Table record (/ip_access_list.do)
    Data type: N/A
    Recommended value:
    • The com.snc.ipauthenticator plugin is active.
    • The IP Address Access Controls [ip_access] table contains at least one active record.
    Default value:
    • The com.snc.ipauthenticator plugin is active by default.
    • The IP Address Access Controls [ip_access] table contains no records by default.
    Fallback value:
    • The com.snc.ipauthenticator plugin is active by default.
    • The IP Address Access Controls [ip_access] table contains no records by default.
    Category: Access control
    Security risk:
    • Severity score: 5.3
    • CVSS rating: Medium
    • Security risk details: Allowing unrestricted public access to a ServiceNow instance without properly configuring the IP Address Access Control plugin exposes the system to unauthorized access and potential exploitation from any IP address, undermining network-level security and increasing the attack surface.
    Functional impact: None
    Dependencies and prerequisites

    This plugin, when set to true, restricts access to specific IP ranges. Unless public access is intended for the instance, administrators should limit access to their assigned IP net blocks. You can create an exclusion list (Deny) or an inclusion list (Allow) of IP addresses through IP Address Access Control (ip_access_list.do).

    Before setting this property, you must activate the IP Range Based Authentication (com.snc.ipauthenticator) plugin. To learn more, see IP range based authentication and the Steps to configure section (below).

    Ensure the plugin com.snc.ipauthenticator is activated and there is at least one active IP access policy in the table ip_access.
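
The check above can be run against exported records as part of a configuration audit. The following is an added example, not ServiceNow code: the record layout (the `id`, `active`, `type`, `range_start` and `range_end` fields, and boolean values carried as strings) is an assumption about the export format, and the sample records are constructed.

```python
"""Audit exported records for the IP-restriction hardening check.

Field names and value encodings are assumptions about the export format;
the sample records below are constructed for illustration.
"""

PLUGIN_ID = "com.snc.ipauthenticator"


def _is_true(value):
    # Exports may carry flags as booleans or as strings; accept both.
    return str(value).strip().lower() in ("true", "active", "1")


def audit_ip_restriction(plugins, ip_access):
    """Return a list of findings; an empty list means the check passes."""
    findings = []
    plugin = next((p for p in plugins if p.get("id") == PLUGIN_ID), None)
    if plugin is None:
        findings.append(f"{PLUGIN_ID} not found in plugin export")
    elif not _is_true(plugin.get("active")):
        findings.append(f"{PLUGIN_ID} is not active")

    # An active plugin with an empty table is the default state, and it
    # does not satisfy the recommended value.
    if not ip_access:
        findings.append("ip_access has no records (the default state)")
    elif not any(_is_true(r.get("active")) for r in ip_access):
        findings.append(f"ip_access has {len(ip_access)} record(s), none active")
    return findings


# Constructed sample exports (documentation address range 192.0.2.0/24).
SAMPLE_PLUGINS = [{"id": PLUGIN_ID, "active": "active"}]
SAMPLE_DEFAULT = []
SAMPLE_INACTIVE = [{"type": "allow", "range_start": "192.0.2.0",
                    "range_end": "192.0.2.255", "active": "false"}]
SAMPLE_OK = [{"type": "allow", "range_start": "192.0.2.0",
              "range_end": "192.0.2.255", "active": "true"}]

if __name__ == "__main__":
    for name, rows in (("default", SAMPLE_DEFAULT),
                       ("inactive", SAMPLE_INACTIVE),
                       ("ok", SAMPLE_OK)):
        print(name, audit_ip_restriction(SAMPLE_PLUGINS, rows) or "PASS")
```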