TABLE OF CONTENTS


Background

By default, any one can sign up for an Aqua account, invite new users, and use the application. Those new users can sign in from any location or IP address. Some enterprise environments require more restrictive controls governing the IP address from which users can access the Aqua application. Aqua supports IP address-based sign in restrictions for all Premier and Enterprise accounts.


IP Restriction Feature

When enabled, users signing into your Aqua account must do so from a known IP address. This limitation applies to both sign in by email and password, as well as sign in via SAML.


To activate this feature, please open a support ticket and include the list of IP addresses that should be allowed. Once enabled, users signing in from outside of this permitted range will receive the following error message:


This account requires sign in from a known egress IP address. Please ensure that you are signing in from your company VPN or permitted IP address.


Limitations

Currently, only IP addresses (not CIDR blocks) can be provided. Additionally, there is no break-glass access for this feature. Once enabled, the only way to disable it is to email support.