Restrict access to your Axion workspace by network location — so only users connecting from approved IPs can log in.
What Is IP Access Restrictions?
IP Access Restrictions lets you control which networks are allowed to access your Axion workspace. When enabled, users on your email domain must be connecting from an approved IP address to log in. Anyone connecting from an unapproved network will see an access denied error.
This is useful if your organization wants to ensure Axion can only be accessed from trusted locations — like your corporate network or VPN.
If this feature isn't currently enabled for your workspace and you'd like to set it up, contact your Axion support team.
Who Can Manage This
IP Access Restrictions are managed by designated workspace administrators. If you have administrator access, you'll find the IP Access List under Data & Settings → IP Access List in the left sidebar.
If you don't see this page, you don't have administrator access. Reach out to your Axion support team to find out who manages this for your organization.
Setting Up Your IP Access List
Step 1: Add an approved network
Click Add in the top right corner and fill in the following:
- Domain — Your organization's email domain (e.g.,
yourcompany.com) - IP Address — The IP address or network range to approve (single IPs and CIDR ranges are both supported)
- Description — Optional, but helpful — label it something like "Corp VPN" or "New York Office" so it's easy to identify later
The entry saves immediately.
Step 2: Enable the list
Adding entries alone doesn't restrict access — you need to turn it on. Use the Enable IP Access List toggle on the page. A confirmation will show you which domains will be affected before you confirm.
Once enabled, restrictions take effect immediately.
Making Changes
To edit or remove an entry, click the three-dot menu on any row. Deleting an entry will prompt a confirmation before it's removed.
To temporarily lift all restrictions, use the toggle to disable the list. You'll see a warning that all restrictions will be removed immediately — re-enabling it will enforce them again right away.
Frequently Asked Questions
Q: A user is locked out. What should I do? A: First, confirm whether they're connecting from an approved network. If their IP isn't on the list, you can either add it or have them connect via VPN. If you need to restore access quickly, disabling the list temporarily will allow anyone to log in while you sort it out.
Q: We have multiple office locations. Can we approve all of them? A: Yes — add a separate entry for each location's IP address or range. All approved entries are checked, so users from any of those locations will be able to log in.
Q: Can I approve a range of IPs instead of individual addresses? A: Yes, CIDR ranges are supported. For example, entering 10.0.0.0/8 would approve an entire network range. If you're unsure what range covers your network, check with your IT team.
Q: Will this affect administrators? A: No — administrators always retain access regardless of IP restrictions. This ensures you can't accidentally lock yourself out.
Q: What does a blocked user see? A: They'll receive an access denied error when trying to log in. It's worth giving your team a heads-up before enabling restrictions for the first time, so they know to connect via VPN or an approved network.
Need Help?
If you have questions about setting up IP Access Restrictions or need help configuring your approved networks, contact your Axion support team.