IP allow lists now in public beta
IP allow lists gives you the ability to limit access to enterprise assets to an allowed set of source IPs, and it’s now available in public beta for GitHub Enterprise Cloud customers.
Many businesses have a known set of IP addresses that define where acceptable and expected network traffic should come from. This ranges from physical office locations, to network services like a VPN or proxy server. Starting today, IP allow lists are available in public beta for GitHub Enterprise Cloud customers. This feature allows you to limit access to enterprise assets to an allowed set of source IPs.
By combining IP allow lists with known physical devices, a business can confidently remove any risk that user credentials, like personal access tokens, are being executed from anywhere but an approved location.
How it works
IP allow lists provide the ability to filter traffic from specified IP ranges, defined by CIDR notation. The allow list is defined at the enterprise or organization account level in Security > Settings. All traffic that attempts to reach private resources within the enterprise account are filtered by the IP allow list.
Any navigation to resources protected by an IP allow list—whether by web, search, api, or command line git access—will be filtered by the list, including through:
- Username and password with GitHub authentication or SAML SSO
- Personal access tokens
- SSH keys
All user credentials, including those belonging to administrators, are subject to IP allow list checks. IP allow lists are not enforced on traffic directed to public repositories.
Configuring IP allow lists
IP allow lists defined at the enterprise level are enforced on all organizations that belong to that enterprise account. Each organization may also enable their own IP allow lists that build on the lists that are inherited from the enterprise. This is especially useful when you need to create access pathways for contractors that don’t have the ability to work in the same physical location or access a corporate VPN.
How to provide feedback
We’d love to hear your thoughts on IP allow lists throughout the public beta period. Share your comments with us through our product feedback contact form. Be sure to select “Teams, organizations, or Enterprise accounts” where our product team will be watching for items related to this feature.
Learn more about IP allow lists
Tags:
Written by
Related posts
Code referencing now generally available in GitHub Copilot and with Microsoft Azure AI
Announcing the general availability of code referencing in GitHub Copilot and Microsoft Azure AI, allowing developers to permit code suggestions containing public code matches while receiving detailed information about the match.
The nuances and challenges of moderating a code collaboration platform
Sharing the latest data update to our Transparency Center alongside a new research article on what makes moderating a code collaboration platform unique.
GitHub Copilot now available in github.com for Copilot Individual and Copilot Business plans
With this public preview, we’re unlocking the context of your code and collaborators—and taking the next step in infusing AI into every developer’s workflow.