This section allows you to control which IP addresses can access the SMARTFENSE platform. Under Settings > Security > Access Control you will find two independent lists: Authorized IPs and Restricted IPs.
Authorized IPs
Allows you to define one or more IP ranges with permitted access to the platform. Any user or tool that attempts to access it from an IP outside the configured ranges will receive a 404 error message, both in the root domain and in any of its subdirectories.
If no ranges are configured, no restriction is applied by authorized IP.
To configure an authorized IP range:
- Go to Settings > Security > Access Control > Authorized IPs.
- Click Add Range +.
- Fill in the From and To fields with the IP range you want to authorize.
- Repeat steps 2 and 3 to add more ranges if needed.
- Click Check access to verify that your current IP falls within one of the configured ranges before saving.
- Click Save.
Use the Check access button before saving. If your IP is not included in any range, you will be locked out when your current session ends.
To delete a range, click Remove Range — on the corresponding range and then Save.
To remove the restriction entirely, delete all configured ranges and click Save.
Restricted IPs
Allows you to define one or more IP ranges that will not be able to access the platform. Any user or tool that attempts to access it from an IP within the configured ranges will receive a 404 error message, both in the root domain and in any of its subdirectories.
This configuration is especially useful for blocking security tools or automatic scanners that interact with the platform and may register non-real actions in the audits of simulation and newsletter campaigns.
A common use case is blocking the IP ranges that Microsoft uses for SafeLinks inspection. When it is not possible to add an exception in the Whitelist section (for example, because the default rule does not allow editing), blocking those ranges from Restricted IPs prevents SafeLinks automatic scans from being recorded as interactions in campaigns.
To configure a restricted IP range:
- Go to Settings > Security > Access Control > Restricted IPs.
- Click Add Range +.
- Fill in the From and To fields with the IP range you want to restrict.
- Repeat steps 2 and 3 to add more ranges if needed.
- Click Save.
To delete a range, click Remove Range — on the corresponding range and then Save.
To remove the restriction entirely, delete all configured ranges and click Save.
💡 Best practices
- Use Check access before saving the Authorized IPs configuration to make sure you do not lock yourself out.
- Configure at least one range that includes the administrators' IP before enabling Authorized IPs.
- When it is not possible to add an exception in Whitelist for known security tools (for example, Microsoft SafeLinks), use Restricted IPs as an alternative to prevent automatic records in simulation campaigns.
- Document the configured ranges and their justification to make future maintenance easier.
- Review the configured ranges periodically, especially when security providers or the organization's network infrastructure changes.