# IP allow lists

For SonarQube Cloud enterprises using Single Sign-On (SSO) authentication, access can be restricted to an allowed list of IP addresses. This restriction applies to the SSO user authentication, the [Personal Access Tokens (PAT)](https://docs.sonarsource.com/sonarqube-cloud/managing-your-account/managing-tokens) generated by SSO users, and the [Scoped Organization Tokens (SOT)](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/scoped-organization-tokens).

Note that:

* You can configure maximum 500 IP addresses or ranges in your IP allow list.
* You can use the [Authentication domain API](https://api-docs.sonarsource.com/sonarqube-cloud/default/public-externalauthentication-0-0) to retrieve an enterprise's IP allow list or to update a list.
* You must be an enterprise admin to be able to configure your enterprise's IP allow list.

{% hint style="warning" %}

* Configuring an IP allow list will restrict access to SonarQube Cloud from all IP addresses not specified. Changes will take effect within 5 minutes of saving.
* To authenticate with SonarQube Cloud, the analysis step of your CI pipeline will be subject to this restriction. This means you need to allow the IP address(es) of your CI-based runner.
  {% endhint %}

## Configuring an IP allow list for your enterprise <a href="#configuring-list" id="configuring-list"></a>

1. Retrieve your enterprise. For more details, see [retrieving-and-viewing-your-enterprise](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-enterprise/retrieving-and-viewing-your-enterprise "mention").
2. Go to **Administration** > **IP allow list**.
3. Enter the allowed IP addresses separated by a comma. Both IPv4 and IPv6 addresses with or without CIDR notation are supported.\
   IP address examples:
   * `192.0.2.0`
   * `198.51.100.0/24`
   * `2001:0db8:130f:0000:0000:09c0:876a:130b`
   * `2001:db8:130f::9c0:876a:130b`
   * `2001:db8:abcd::/48`
4. Select the **Save** button.

<figure><img src="broken-reference" alt="Enter the list of allowed IP addresses in the box to restrict access to your SonarQube Cloud enterprise to this list."><figcaption></figcaption></figure>

## Deleting your enterprise's IP allow list <a href="#deleting-list" id="deleting-list"></a>

1. Retrieve your enterprise. For more details, see [retrieving-and-viewing-your-enterprise](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-enterprise/retrieving-and-viewing-your-enterprise "mention").
2. Go to **Administration** > **IP allow list**.
3. Remove all the IP addresses or ranges from the **IP address(es) & CIDR ranges** field.
4. Select the **Save** button.