Cloud-triggered allowlist
Configure Cloud-triggered allowlist
The Cloud URL or Groundplex URL for Triggered Tasks or Ultra Tasks can be invoked from any host that has network access to the data plane. However if you enable an IP address allowlist for the Org, you can invoke the Cloud URL only from those machines whose IP addresses fall in the IP allowlist range. This increases security by limiting access to trusted IP addresses.
Refer to Task allowlist and Pipeline access for more details and URL examples.
Manage Cloud-triggered allowlist
From the Admin Manager screen configure the allowlist using the following options:
- Any IP address: Allows access to tasks from all IP addresses, including those not on the allowlist.
- Nowhere - deny all IP addresses: Blocks the access to Cloud and Ground URLs for the tasks.
- IP allowlist below: Allows you to add a specific target range and allows access to tasks from only the specified IP addresses.
Allow any or specific Cloud-triggered allowlist
- To add a target range specify the Starting IP and Ending IP addresses and click Add.
- Select the checkbox Apply IP Allowlist to Groundplex Trigger and Ultra Tasks to add the same IP to Groundplex triggered tasks.
- The IP allowlist ranges are stored when you click Save at the bottom of the the Cloud-triggered allowlist screen.
- To remove the IP allowlist range select the IP address range from the checkbox and click Remove.
Deny Cloud-triggered allowlist
Every Task has a set of both secured (HTTPS) and unsecured URLs (HTTP) to call a pipeline. Select the option Nowhere - deny all IP address option to block access to Cloud and Ground unsecured HTTP URLs for Triggered tasks.