Domain, IP and Country restrictions

Copy

• Copy for LLM

  Copy page as Markdown for LLMs
• View as Markdown

  Open this page as Markdown
• Open in ChatGPT

  Get insights from ChatGPT
• Open in Claude

  Get insights from Claude
• Connect to Cursor

  Install MCP server on Cursor
• Connect to VS Code

  Install MCP server on VS Code

Frontegg allows you to enforce access control by restricting access based on domains, IP addresses, or countries. You can configure these restrictions using an allowlist or denylist to control which users can access your app.

Available restriction levels

Domain, IP, and country restrictions can be applied at different levels:

• Environment-level domain restrictions that apply to all accounts within a specific environment. You can configure these settings in the Frontegg portal.
• Environment-level country restrictions that apply to all accounts within a specific environment. You can configure these settings as a security rule.
• Account-level domain, IP, and country restrictions for specific accounts within an environment. You can configure these settings in the Frontegg portal.
• User-level domain and IP restrictions for individual user accounts. You can configure these settings through the self-service portal.
• Account-level country restrictions for specific accounts. Account admins can configure these settings through the admin portal.

Domain restrictions

An allowlist or denylist can be used to control domain access.

• Allowlist grants access only to specified domains; all others are denied.
• Denylist blocks access only to specified domains; all others are allowed.

IP restrictions

Similar to domains, IP restrictions can be configured using an allowlist or denylist.

• Allowlist grants access only to specified IP addresses; all others are denied. Ensure that the allowlist includes the current user's IP address to prevent lockout.
• Denylist blocks access only to specified IP addresses; all others are allowed. The denylist cannot include the current user's IP address, as this would result in a lockout.

Country restrictions

Similar to domains and IPs, country restrictions can be configured using an allowlist or denylist.

• Allowlist grants sign-up and login access only from specified countries; all others are denied.
• Denylist blocks sign-up and login access from specified countries; all others are allowed.

Country restrictions are evaluated during sign-up and login. Already logged-in users are not re-evaluated until their next login attempt.