IP allow lists now in public beta
IP allow lists gives you the ability to limit access to enterprise assets to an allowed set of source IPs, and it’s now available in public beta for GitHub Enterprise Cloud customers.
Many businesses have a known set of IP addresses that define where acceptable and expected network traffic should come from. This ranges from physical office locations, to network services like a VPN or proxy server. Starting today, IP allow lists are available in public beta for GitHub Enterprise Cloud customers. This feature allows you to limit access to enterprise assets to an allowed set of source IPs.
By combining IP allow lists with known physical devices, a business can confidently remove any risk that user credentials, like personal access tokens, are being executed from anywhere but an approved location.
How it works
IP allow lists provide the ability to filter traffic from specified IP ranges, defined by CIDR notation. The allow list is defined at the enterprise or organization account level in Security > Settings. All traffic that attempts to reach private resources within the enterprise account are filtered by the IP allow list.
Any navigation to resources protected by an IP allow list—whether by web, search, api, or command line git access—will be filtered by the list, including through:
- Username and password with GitHub authentication or SAML SSO
- Personal access tokens
- SSH keys
All user credentials, including those belonging to administrators, are subject to IP allow list checks. IP allow lists are not enforced on traffic directed to public repositories.
Configuring IP allow lists
IP allow lists defined at the enterprise level are enforced on all organizations that belong to that enterprise account. Each organization may also enable their own IP allow lists that build on the lists that are inherited from the enterprise. This is especially useful when you need to create access pathways for contractors that don’t have the ability to work in the same physical location or access a corporate VPN.
How to provide feedback
We’d love to hear your thoughts on IP allow lists throughout the public beta period. Share your comments with us through our product feedback contact form. Be sure to select “Teams, organizations, or Enterprise accounts” where our product team will be watching for items related to this feature.
Learn more about IP allow lists
Tags:
Written by
Related posts
GitHub and JFrog partner to unify code and binaries for DevSecOps
This partnership between GitHub and JFrog enables developers to manage code and binaries more efficiently on two of the most widely used developer platforms in the world.
2024 GitHub Accelerator: Meet the 11 projects shaping open source AI
Announcing the second cohort, delivering value to projects, and driving a new frontier.
Introducing GitHub Copilot Extensions: Unlocking unlimited possibilities with our ecosystem of partners
The world of Copilot is getting bigger, improving the developer experience by keeping developers in the flow longer and allowing them to do more in natural language.