Genesys Cloud - Main

  • 1.  Allowed IP Addresses

    Posted 5 hours ago

    A customer of ours is looking to implement IP whitelisting on their org. Can anyone advise with the following questions?

    1) Does whitelisting have any impact to the SSO provider/integration?

    2) Does whitelisting prevent Genesys Support from accessing your org?

    3) Is there any way to enable it in an initial "logging way" so the IP ranges can be validated?

    Thanks


    #Security
    #System/PlatformAdministration

    ------------------------------
    James Foster
    Technical Consultant
    ------------------------------


  • 2.  RE: Allowed IP Addresses

    Posted 3 hours ago
    Edited by Kaio Oliveira 3 hours ago

    Hi James

      1) Impact on SSO provider/integration:

      The Allowed IP Addresses feature is described as "more restrictive" compared to other access control methods. The documentation indicates that it restricts access to specified IP ranges by blocking unauthorized connections from mobile browsers and other apps. However, the documentation specifically notes that organizations can use the AuthorizedClientIDs SAML attribute as an alternative security layer "without reliance on the more restrictive Allowed IP Addresses feature."

      This suggests that IP whitelisting can impact SSO-based access, particularly when users attempt to authenticate from IP addresses outside the allowlist. You'll need to ensure that your identity provider's IP addresses and any locations where users authenticate from are included in your CIDR blocks.

      2) Impact on Genesys Support access:

      Genesys Product Support accesses customer organizations through an authorized organization pairing mechanism. The documentation states that "to access your Genesys Cloud organization, the Genesys Cloud Product Support team may ask to pair their Product Support organization to your organization." You can control their access by assigning roles and can revoke access at any time.

      When implementing IP whitelisting, you should coordinate with Genesys Support to ensure their IP ranges are included in your allowlist if you want to maintain their ability to access your organization for troubleshooting purposes.

      3) Logging/validation mode:

      Based on the available documentation, there does not appear to be a "logging only" or "audit mode" for the Allowed IP Addresses feature. The configuration is straightforward: you enter CIDR blocks (up to 150 CIDRs, one per line) in the IP Addresses box under Admin > Account Settings > Organization Settings.

      Important notes from the documentation:

      • When creating or updating an allowlist, ensure that your own IP is added to or already in the allowlist
      • Genesys Cloud checks to ensure that the IP address of the user who configures the allowlist appears in one of the CIDR entries
      • If you do not enter anything in the Allowed IP Addresses field, all IP addresses can access your account
      • IP addresses from Data Actions integrations are automatically allowed
      • WebRTC Media Helper and Genesys Tempo are allowed by default

      The system enforces the allowlist immediately upon saving, so you'll need to be certain of your IP ranges before implementation.


    ------------------------------
    Kaio Oliveira
    GCP - GCQM - GCS - GCA - GCD - GCO - GPE & GPR - GCWM

    PS.: I apologize if there are any mistakes in my English; my primary language is Portuguese-Br.
    ------------------------------
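
Added example, not part of either post and not Genesys code: since the reply above finds no logging-only mode, a candidate allowlist can be dry-run offline before it is saved. It assumes you have collected client source IPs yourself; the sample CIDRs and IPs are constructed from documentation address ranges, and rejecting entries with host bits set is this example's own choice.

```python
import ipaddress

MAX_CIDRS = 150  # limit quoted in the reply above

def parse_allowlist(text):
    """Parse one CIDR per line; return (networks, errors)."""
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True (this example's choice) flags entries with host
            # bits set, e.g. 192.0.2.7/24, which are usually typos.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            errors.append(f"line {lineno}: {entry!r}: {exc}")
    if len(networks) > MAX_CIDRS:
        errors.append(f"{len(networks)} CIDRs exceeds the limit of {MAX_CIDRS}")
    return networks, errors

def dry_run(networks, observed_ips, admin_ip):
    """Report which observed client IPs the allowlist would block."""
    def allowed(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr.version == n.version and addr in n for n in networks)
    blocked = sorted({ip for ip in observed_ips if not allowed(ip)})
    # admin_covered mirrors the check that the configuring user's IP is listed.
    return {"admin_covered": allowed(admin_ip), "blocked": blocked}

# Constructed sample data (documentation ranges, not real customer IPs).
CANDIDATE = """
203.0.113.0/24
198.51.100.16/28
192.0.2.7/24
"""
OBSERVED = ["203.0.113.45", "198.51.100.20", "198.51.100.40", "192.0.2.7"]

if __name__ == "__main__":
    nets, errs = parse_allowlist(CANDIDATE)
    for e in errs:
        print("INVALID", e)
    report = dry_run(nets, OBSERVED, admin_ip="203.0.113.45")
    print("admin IP covered:", report["admin_covered"])
    print("would be blocked:", report["blocked"])
```

Any address listed under "would be blocked" is a range to add or a user population to account for before enabling the feature.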