Restricting IdentityNow Access

IdentityNow allows you to restrict the sign-in locations permitted for users in each defined identity profile. You can configure restrictions based on:

  • IP address blocks that define your network to prevent access from off-network IP addresses.
  • A Block List to prevent user access from specified countries.
  • An Allow List to permit user access only from specified countries.

Note

These restrictions apply to password resets as well. During the password reset process, users are required to authenticate. If a user attempts to authenticate while they are off network, they will be blocked from resetting their password.

To apply these restrictions you must:

  1. Define the restrictions as global configurations.
  2. Choose which of those restrictions to apply to each identity profile.

Important

These restrictions do not apply when you use single sign-on to authenticate users to IdentityNow. If you need restrictions and are using SSO, add them on the identity provider side.

Specifying Network IP Restrictions

To set up access restrictions based on network, define your network by adding the IP address blocks of your network.

  1. Go to Admin > Global > System Settings > Network Settings.

  2. Under Network Definition, specify a range of IP addresses using Classless Inter-Domain Routing (CIDR) notation.

  3. To add more IP addresses, select + Add and enter another range. Repeat until you've added all the IP address ranges you want to allow to access IdentityNow.

    Select the X next to an IP address block to remove it.

  4. Select Save.
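A pre-flight check for the blocks entered in step 2, as an added example that is not part of the product documentation: it flags malformed, RFC 1918 and overlapping entries and lists the egress addresses that would count as off network. The sample addresses are constructed, and the function names and the assumption that the sign-in is matched by its public source address are the example's own.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the page.
PLANNED_BLOCKS = ["203.0.113.0/24", "198.51.100.17/28", "10.0.0.0/8", "203.0.113.128/25"]
EGRESS_IPS = ["203.0.113.40", "198.51.100.20", "192.0.2.9"]  # VPN / office NAT addresses
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def review_blocks(blocks):
    """Return (networks, warnings) for the CIDR entries planned for Network Definition."""
    networks, warnings = [], []
    for entry in blocks:
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:
                # Accept the entry with host bits masked off, but tell the admin.
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                warnings.append(f"{entry}: not valid CIDR notation")
                continue
            warnings.append(f"{entry}: host bits set, did you mean {net}?")
        # Assumption: a hosted service sees the public egress address, so an
        # internal-only range would never match a real sign-in.
        if any(net.overlaps(r) for r in RFC1918):
            warnings.append(f"{net}: RFC 1918 range, not a public source address")
        for other in networks:
            if net.overlaps(other):
                warnings.append(f"{net}: overlaps {other}")
        networks.append(net)
    return networks, warnings


def uncovered(egress_ips, networks):
    """Egress addresses outside every block; these would be treated as off network."""
    return [ip for ip in egress_ips
            if not any(ipaddress.ip_address(ip) in net for net in networks)]


if __name__ == "__main__":
    nets, warns = review_blocks(PLANNED_BLOCKS)
    for w in warns:
        print("WARN", w)
    for ip in uncovered(EGRESS_IPS, nets):
        print("LOCKOUT RISK", ip, "is not inside any planned block")
```

Because the restrictions also apply to password resets, any address reported as uncovered is one from which users could neither sign in nor reset a password once Off Network is selected for their identity profile.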

Specifying a Block List or Allow List

To restrict user access by country, define the permissible set of countries through either a block list or an allow list.

  1. Go to Admin > Global > System Settings > Network Settings.

  2. Under Trusted Countries, select either Block List or Allow List.

    • A block list defines countries that your organization considers untrusted so IdentityNow can prevent sign-in from IP addresses associated with them.
    • An allow list defines countries that your organization considers trusted so IdentityNow can allow sign-in only from IP addresses associated with them.
  3. Begin typing the name of a country in the field and select it from the list. Select Add to enter another country. Repeat until you've added all the countries you need.

    Note

    To remove a country from the list, select the Delete icon X next to the country.

  4. Select Save.

Applying Restrictions to Users per Identity Profile

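Access restrictions take effect only after you apply them to an identity profile, where they constrain access to IdentityNow for the users in that profile. Apply them to each identity profile you want to restrict.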

  1. Go to Admin > Identity Management > Identity Profiles.

  2. Select the identity profile you want to edit.

  3. Under Block Access From, choose which restrictions to apply to those users.

    • Select Off Network to prevent them from accessing IdentityNow from outside your defined network.
    • Select Untrusted Geographies to prevent access from the countries in your block list or to allow access only from the countries in your allow list.
  4. Scroll to the bottom of the page and select Save.