Google Workspaceintermediate

4 min read

title: Google Workspace IP Whitelisting: Restrict Login to Specific IP Addresses description: Enable IP whitelisting in Google Workspace to restrict user access from specific IP addresses. Admin guide to configure secure login, allowlist trusted IPs, and block unauthorized network access. difficulty: advanced estimatedReadTime: 12 lastUpdated: January 2025 featured: false faqItems:

  • question: >- What IP address formats are supported for whitelisting in Google Workspace? answer: >- Google Workspace supports CIDR notation for IP whitelisting, allowing you to specify individual IP addresses (e.g., 192.168.1.10) or ranges using subnets (e.g., 192.168.1.0/24). Ensure you format these correctly to avoid unauthorized access. For example, entering '192.168.1.0/24' allows all IPs from 192.168.1.0 to 192.168.1.255. Misconfigurations can lead to unintended access issues, so double-check entries, especially when adding multiple IPs or ranges.
  • question: >- How can I ensure that admin accounts are not locked out due to IP restrictions? answer: >- To prevent admin account lockouts, create a separate access level specifically for admin users that includes a wider range of IP addresses or a different subnet. This ensures that at least one admin can log in from an alternate network in case of misconfiguration. Additionally, regularly review and update this access level as remote work situations change or when new office locations are established, maintaining uninterrupted access for critical administrative functions.
  • question: >- What steps should I take if legitimate users are being blocked from access? answer: >- If legitimate users are blocked, first verify that their IP addresses are included in the whitelisted range. Check the Security Reports in the Admin Console for blocked login attempts to identify unauthorized IP addresses. If necessary, update the access level by adding the user's IP or range. Additionally, consider implementing a VPN solution for remote workers, ensuring that all users connect from a whitelisted IP, thus preventing access issues while maintaining security. heroImage: "https://images.unsplash.com/photo-1551288049-bebda4e38f72?w=1200&h=630&fit=crop"

IP whitelisting in Google Workspace allows administrators to restrict user logins to specific IP addresses, enhancing security by ensuring that users can only access their accounts from trusted networks. This guide will walk you through the steps to configure IP whitelisting using Google Workspace security settings.

Requirements:

  • Admin access to the Google Admin Console.
  • A list of trusted IP addresses or IP ranges that should be allowed access.

Step-by-Step Guide:

Step 1: Log into the Google Admin Console

Step 2: Access Security Settings

  • In the Admin Console, go to Security > Access and Data Control > Context-Aware Access.
  • Click on Access levels to define IP-based access control.

Step 3: Create a New Access Level Policy

  • Click Create access level and give it a descriptive name (e.g., “Office Network Only”).
  • Select New Condition and choose IP Subnet.
  • Enter the trusted IP addresses or ranges (e.g., 192.168.1.0/24).
  • Click Save to apply the condition.

Step 4: Apply the Access Level to Users

  • Navigate back to Context-Aware Access and go to Assign Access Levels.
  • Choose which apps the policy should apply to (e.g., Gmail, Drive, Admin Console).
  • Assign the access level to specific organizational units or all users.
  • Click Save to enforce the policy.

Step 5: Test the Configuration

  • Have a user attempt to log in from an unauthorized IP to confirm the restriction is working.
  • Test login from an authorized network to verify that access remains functional.

Step 6: Monitor and Adjust

  • Check Security Reports under Admin Console > Reports > Security to monitor login attempts.
  • Adjust whitelisted IPs as needed when adding new office locations or VPN connections.

Best Practices:

Use VPNs for Remote Access: If employees work remotely, require them to connect via a company VPN with a whitelisted IP.
Avoid Blocking Admin Access: Always ensure at least one admin can log in from an alternate network in case of misconfiguration.
Regularly Review IP Lists: Remove old or unused IP addresses to maintain security.

Need Professional Help?

Our team of experts can help you implement and configure these solutions for your organization.

Contact Our TeamView Our Services

Related Articles

Read More →

Creating Resource Calendars for Meeting Rooms in Google Workspace

Set up meeting room calendars and resource booking

Read More →

Read More →
Back to Google Workspace