You configure IP restrictions by listing which specific IP addresses are allowed to access your Syncro site. This IP Allowlist or whitelist applies to all Users and API calls, including integrations.

Notes: 

• Syncro recommends enabling the IP Allowlist for both Users and APIs. 
• IPv4, IPv6 addresses are both supported, including the use of CIDR.

Create Your IP Allow List

1. Navigate to Admin > Employees - IP Allow List. The IP Allow List page displays.
2. Click the Disabled for Users and/or APIs toggles to enable the feature(s).
3. In the Allowed IP Address List field, add all the public IP addresses of users and integrations connecting via our API (for which you have made API keys) to allow them access to Syncro:
   
   IMPORTANT: 

• Add the IP addresses of all Global Admins here. If you forget, Global Admins may be temporarily logged out until they receive the email described in Unauthorized Access. When they click Approve, their IP address will be added.
• If you're on a Team Plan and are using either Azure AD Sync or Database Backup, you must add 3.227.99.15 to your allowlist. (The IP addresses of Azure AD or the Database to which you are backing up do not need to be added.)
• If you're using PowerBI, you must allow API requests for the integration to work. Either disable the “Enable for APIs” toggle entirely, or add the entirety of Azure's IP Ranges to your allowlist.

4. Click Save.

Unauthorized Access

If a user attempts to access Syncro after this feature is enabled and their IP address is not on the IP allowlist, they will not be able to access any aspect of Syncro:

Additionally, Global Admins receive an email notifying them of the attempt. This email includes an Approve button so you can easily add the blocked IP address to the IP allowlist:

Whitelisting Integrations

Here are some commonly used vendors (and links to their IP resources) that you may want to add to your IP allowlist:

• Domotz
• Lifecycle Insights
• Lifecycle Manager
• Lionguard
• Quickpass