# IP allow lists

For SonarQube Cloud enterprises using Single Sign-On (SSO) authentication, access can be restricted to an allowed list of IP addresses. This restriction applies to the SSO user authentication, the [Personal Access Tokens (PAT)](/sonarqube-cloud/managing-your-account/managing-tokens.md) generated by SSO users, and the [Scoped Organization Tokens (SOT)](/sonarqube-cloud/administering-sonarcloud/managing-organization/scoped-organization-tokens.md).

Note that:

* You can configure maximum 500 IP addresses or ranges in your IP allow list.
* You can use the [Authentication domain API](https://api-docs.sonarsource.com/sonarqube-cloud/default/public-externalauthentication-0-0) to retrieve an enterprise's IP allow list or to update a list.
* You must be an enterprise admin to be able to configure your enterprise's IP allow list.

{% hint style="warning" %}

* Configuring an IP allow list will restrict access to SonarQube Cloud from all IP addresses not specified. Changes will take effect within 5 minutes of saving.
* To authenticate with SonarQube Cloud, the analysis step of your CI pipeline will be subject to this restriction. This means you need to allow the IP address(es) of your CI-based runner.
  {% endhint %}

## Configuring an IP allow list for your enterprise <a href="#configuring-list" id="configuring-list"></a>

1. Retrieve your enterprise. For more details, see [Retrieving and viewing your enterprise](/sonarqube-cloud/administering-sonarcloud/managing-enterprise/retrieving-and-viewing-your-enterprise.md).
2. Go to **Administration** > **IP allow list**.
3. Enter the allowed IP addresses separated by a comma. Both IPv4 and IPv6 addresses with or without CIDR notation are supported.\
   IP address examples:
   * `192.0.2.0`
   * `198.51.100.0/24`
   * `2001:0db8:130f:0000:0000:09c0:876a:130b`
   * `2001:db8:130f::9c0:876a:130b`
   * `2001:db8:abcd::/48`
4. Select the **Save** button.

<figure><img src="/spaces/KXW79zfYFiA8incTvwZK/files/aqFdj5JCIpxRErbxkXjl" alt="Enter the list of allowed IP addresses in the box to restrict access to your SonarQube Cloud enterprise to this list."><figcaption></figcaption></figure>

## Deleting your enterprise's IP allow list <a href="#deleting-list" id="deleting-list"></a>

1. Retrieve your enterprise. For more details, see [Retrieving and viewing your enterprise](/sonarqube-cloud/administering-sonarcloud/managing-enterprise/retrieving-and-viewing-your-enterprise.md).
2. Go to **Administration** > **IP allow list**.
3. Remove all the IP addresses or ranges from the **IP address(es) & CIDR ranges** field.
4. Select the **Save** button.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/ip-allow-lists.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.