--- title: "Configure your IP Allowlist" slug: "configure-your-ip-allowlist" updated: 2022-09-30T18:34:08Z published: 2022-09-30T18:34:08Z --- > ## Documentation Index > Fetch the complete documentation index at: https://support.tulip.co/llms.txt > Use this file to discover all available pages before exploring further. # Configure your IP Allowlist ## Configuring Your IP Allowlist *Learn how to limit access to Tulip and the Player to certain IP addresses and CIDR blocks* NOTE This feature is available for “Enterprise” plans only. By default, Tulip allows users and operators to use apps and build apps from any IP address. However, you can limit access to Tulip and the Tulip Player to specific IP addresses and CIDR blocks using the “IP Allowlist” feature. This can be accessed from the “Network Access” tab under “Account Settings” ![](https://cdn.document360.io/7c6ff534-cad3-4fc8-9583-912c4016362f/Images/Documentation/Configuring%20Your%20IP%20Allowlist_234940376.png) Only users with the “Account Owner” role can view and edit the IP allowlist. **Once you “enable” the IP Allowlist, only the stated IP addresses and CIDR blocks will be able to access Tulip. Additionally, Tulip employees will be able to access your account in order to provide support.** **The IP Allowlist can always be disabled at a later time.** When a user attempts to access Tulip from an IP address outside the specified range, they will see an error screen that prevents them from continuing to use the product. The Allowlist only supports IPv4 format. NOTE The Allowlist only supports IPv4 format. ## Enabling the IP Allowlist Before enabling the IP Allowlist, ensure you know all IP addresses and CIDR blocks that need to be entered within your factory (or multiple factories). As soon as it is enabled, you will block all IP addresses outside this list. This can potentially interrupt production if you block IP addresses for devices that are running apps. This includes the following Tulip features: - Player - Edge Devices - Machines - Connector Hosts - SAML To change the IP Allowlist, press the “Edit” button in the top right of the screen to configure the Allowlist. There are two key pieces of information at the top of the screen: ![](https://cdn.document360.io/7c6ff534-cad3-4fc8-9583-912c4016362f/Images/Documentation/Configuring%20Your%20IP%20Allowlist_234940685.png) **Allowlist:** Choose whether the entire IP Allowlist is enabled or disabled. **Current IP Address:** The current IP address of the computer. This will be automatically entered into the list of permitted IP addresses and cannot be removed. It can be edited to include an entire CIDR block. You can then add an IP address/CIDR block, and then click “Add”. ![](https://cdn.document360.io/7c6ff534-cad3-4fc8-9583-912c4016362f/Images/Documentation/Configuring%20Your%20IP%20Allowlist_234940944.png) When you are done, press “Save” in the top right to update the IP allowlist. ## CIDR Blocks The Allowlist supports CIDR blocks. You can input them in the IP Allowlist column. Example: *8.8.8.7/28* **Tulip Player** **Tulip Player** is the Windows/Mac executable program where users can run Tulip apps. Tulip player allows you to create a more seamless user experience by removing the need for a web browser and allows increased IT controls. **Tulip Player** **Tulip Player** is the Windows/Mac executable program where users can run Tulip apps. Tulip player allows you to create a more seamless user experience by removing the need for a web browser, and allows increased IT controls. **Edge Devices** **Edge Devices** are any hardware intended to connect physical things to the cloud. This can include entirely mechanical devices, older machines without network functionality, PLCs, and more. Tulip sells the **Edge IO** and **Edge MC** that interface directly into **Triggers** in a breeze, but Tulip can also support other Edge Devices. **Machine** A **Machine**is a digital representation of a physical datasource. Machines have **Attributes**that are updated through an OPC-UA Connector or the Tulip API. **Connector Host** Tulip **Connector Hosts**are designed to allow your Tulip Apps to interface with external systems such as databases, APIs, and machines. **On-Prem Connector Hosts**sit within your network and allow Tulip to interface with SQL databases and APIs that aren't accessible to the cloud. **Security Assertion Markup Language** **Security Assertion Markup Language** is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. Within Tulip, SAML can be used to authenticate **Users.**