IP allow lists now in public beta
IP allow lists gives you the ability to limit access to enterprise assets to an allowed set of source IPs, and it’s now available in public beta for GitHub Enterprise Cloud customers.
Many businesses have a known set of IP addresses that define where acceptable and expected network traffic should come from. This ranges from physical office locations, to network services like a VPN or proxy server. Starting today, IP allow lists are available in public beta for GitHub Enterprise Cloud customers. This feature allows you to limit access to enterprise assets to an allowed set of source IPs.
By combining IP allow lists with known physical devices, a business can confidently remove any risk that user credentials, like personal access tokens, are being executed from anywhere but an approved location.
How it works
IP allow lists provide the ability to filter traffic from specified IP ranges, defined by CIDR notation. The allow list is defined at the enterprise or organization account level in Security > Settings. All traffic that attempts to reach private resources within the enterprise account are filtered by the IP allow list.
Any navigation to resources protected by an IP allow list—whether by web, search, api, or command line git access—will be filtered by the list, including through:
- Username and password with GitHub authentication or SAML SSO
- Personal access tokens
- SSH keys
All user credentials, including those belonging to administrators, are subject to IP allow list checks. IP allow lists are not enforced on traffic directed to public repositories.
Configuring IP allow lists
IP allow lists defined at the enterprise level are enforced on all organizations that belong to that enterprise account. Each organization may also enable their own IP allow lists that build on the lists that are inherited from the enterprise. This is especially useful when you need to create access pathways for contractors that don’t have the ability to work in the same physical location or access a corporate VPN.
How to provide feedback
We’d love to hear your thoughts on IP allow lists throughout the public beta period. Share your comments with us through our product feedback contact form. Be sure to select “Teams, organizations, or Enterprise accounts” where our product team will be watching for items related to this feature.
Learn more about IP allow lists
Tags:
Written by
Related posts
Celebrating the GitHub Awards 2024 recipients 🎉
The GitHub Awards celebrates the outstanding contributions and achievements in the developer community by honoring individuals, projects, and organizations for creating an outsized positive impact on the community.
New from Universe 2024: Get the latest previews and releases
Find out how we’re evolving GitHub and GitHub Copilot—and get access to the latest previews and GA releases.
Bringing developer choice to Copilot with Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s o1-preview
At GitHub Universe, we announced Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s o1-preview and o1-mini are coming to GitHub Copilot—bringing a new level of choice to every developer.