1. Account Administration
  2. Authentication
  3. Enabling and Creating IP Address Rules
  4. Create Company IP Address Rules

Create Company IP Address Rules

Important:

Two-factor authentication (2FA) is the preferred alternative to restricting access by IP address. For more information, see Two-Factor Authentication (2FA).

Consider using 2FA instead.

To create IP address rules for your company:

  1. Go to Setup > Company > Company Information.

  2. In the Allowed IP Addresses field, enter valid IP addresses (in dotted decimal notation) from which you want employees in your company to access your account. Each of the numbers in the four segments (the numbers between the dots) must be between 0 and 255.

    Warning:

    Be sure that you have entered the correct IP addresses before you log out so that you and your employees can log back in.

    Use the following formats:

    Important:

    You can enter up to 4000 characters. Use shorter forms of notation to enter addresses (such as 123.45.67.80-99 or 123.45.67.80/24 in the following examples) if necessary.

    • A single IP address, such as 123.45.67.89

    • A range of IP addresses, with a dash and no spaces between, such as 123.45.67.80-123.45.67.99. You can use 123.45.67.80-99 to indicate the same range.

    • A list of IP address separated by spaces or commas such as 123.45.67.90, 123.45.67.97,...

    • An IP address with full netmask, such as 123.45.67.80/255.255.255.0

      Note:

      A netmask defines which bits of the IP address are valid, the example means "use the first three segments (255.255.255), but not the fourth segment (0)".

    • An IP address and bitmask, such as 123.45.67.80/24

      Note:

      The “24” indicates the number of bits from beginning to use in the validation – the same IP addresses are valid as in the previous example (255 means 8 bits).

    • An IP address and mask, such as 209.209.48.32/255.255.0.0 or 209.209.48.32/16.

      Warning:

      Think carefully when using this type of notation. The mask is a binary number. For example, the IP address and mask 12.34.56.78/12.34.56.78 does not indicate only one IP address is allowed. The IP address 140.34.56.78 matches the mask in this example. There are more IP addresses that match the mask than are immediately obvious.

    • The text “NONE” – denies access from all IP addresses.

    • The text “ALL” – allows all IP addresses.

  3. Click Save.

When you or other employees log in to NetSuite, if at least one rule is defined, the IP address of the computer must match the rule(s) defined. If the computer does not match the IP address rule(s) defined, login fails and an error message is displayed.

If this employee has another role with IP address restrictions, the employee can only access that role from the addresses listed on the employee record or the addresses listed at Setup > Company > Company Information when the Inherit IP Rules from Company box is checked.

Related Topics

General Notices