IP allow lists now in public beta
IP allow lists gives you the ability to limit access to enterprise assets to an allowed set of source IPs, and it’s now available in public beta for GitHub Enterprise Cloud customers.
Many businesses have a known set of IP addresses that define where acceptable and expected network traffic should come from. This ranges from physical office locations, to network services like a VPN or proxy server. Starting today, IP allow lists are available in public beta for GitHub Enterprise Cloud customers. This feature allows you to limit access to enterprise assets to an allowed set of source IPs.
By combining IP allow lists with known physical devices, a business can confidently remove any risk that user credentials, like personal access tokens, are being executed from anywhere but an approved location.
How it works
IP allow lists provide the ability to filter traffic from specified IP ranges, defined by CIDR notation. The allow list is defined at the enterprise or organization account level in Security > Settings. All traffic that attempts to reach private resources within the enterprise account are filtered by the IP allow list.
Any navigation to resources protected by an IP allow list—whether by web, search, api, or command line git access—will be filtered by the list, including through:
- Username and password with GitHub authentication or SAML SSO
- Personal access tokens
- SSH keys
All user credentials, including those belonging to administrators, are subject to IP allow list checks. IP allow lists are not enforced on traffic directed to public repositories.
Configuring IP allow lists
IP allow lists defined at the enterprise level are enforced on all organizations that belong to that enterprise account. Each organization may also enable their own IP allow lists that build on the lists that are inherited from the enterprise. This is especially useful when you need to create access pathways for contractors that don’t have the ability to work in the same physical location or access a corporate VPN.
How to provide feedback
We’d love to hear your thoughts on IP allow lists throughout the public beta period. Share your comments with us through our product feedback contact form. Be sure to select “Teams, organizations, or Enterprise accounts” where our product team will be watching for items related to this feature.
Learn more about IP allow lists
Tags:
Written by
Related posts
Students: Start building your skills with the GitHub Foundations certification
The GitHub Foundations Certification exam fee is now waived for all students verified through GitHub Education.
Announcing GitHub Secure Open Source Fund: Help secure the open source ecosystem for everyone
Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.
Software is a team sport: Building the future of software development together
Microsoft and GitHub are committed to empowering developers around the world to innovate, collaborate, and create solutions that’ll shape the next generation of technology.