Enabling a firewall for the customer-managed key
You can apply an extra layer of security to your customer-managed key by enabling a firewall in the Azure Key Vault, and only allowing UiPath services to access the CMK.
1. In the Firewalls and virtual networks section, select Allow public access from specific networks and IP addresses.
2. In the Firewall section, add these UiPath static IPs:
   - 20.213.69.140/30
   - 20.92.42.116/30
   - 20.220.159.8/30
   - 20.104.134.160/30
   - 20.239.121.152/30
   - 20.232.224.12/30
   - 20.78.114.120/30
   - 104.215.9.124/30
   - 20.166.153.132/30
   - 20.198.150.140/30
   - 20.23.210.168/30
   - 20.66.65.144/30
   - 20.219.182.96/30
   - 52.140.57.140/30
   - 20.90.169.148/30
   - 51.142.146.56/30
If you have enabled a firewall but have not added the IP addresses above to the allow list, the Customer managed key configuration returns an error. This is what it looks like in the browser's debugging console (F12):
Client address is not authorized and caller is not a trusted service.\r\nClient address: 20.78.114.120\r\nCaller: appid=7a47c7ed-2f6f-43e3-a701-c4b0204b7f02;oid=a31db968-dd56-4ddd-95cc-e7dddd0562d1;iss=https://sts.windows.net/d8353d2a-b153-4d17-8827-902c51f72357/\r\nVault: plt-nst-config-kv;location=northeurope\nStatus: 403 (Forbidden)
The blocked client address in this example is 20.78.114.120. To overcome the issue, add the IP in the Firewall section mentioned at step 2, above.
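
To triage such a 403 before changing the vault firewall, the sketch below extracts the client address from the error and checks it against the ranges listed in step 2. It is an added example, not UiPath or Azure code; the function names `parse_denial` and `triage` are hypothetical, and the Caller field of the sample is abbreviated.

```python
import ipaddress
import re

# UiPath static ranges, copied from step 2 of this page.
UIPATH_RANGES = [ipaddress.ip_network(cidr) for cidr in """
    20.213.69.140/30 20.92.42.116/30 20.220.159.8/30 20.104.134.160/30
    20.239.121.152/30 20.232.224.12/30 20.78.114.120/30 104.215.9.124/30
    20.166.153.132/30 20.198.150.140/30 20.23.210.168/30 20.66.65.144/30
    20.219.182.96/30 52.140.57.140/30 20.90.169.148/30 51.142.146.56/30
""".split()]

# The 403 body from this page as the console prints it (escaped line breaks
# kept; the Caller field is abbreviated here).
SAMPLE_ERROR = (
    r"Client address is not authorized and caller is not a trusted service.\r\n"
    r"Client address: 20.78.114.120\r\n"
    r"Caller: appid=<appid>;oid=<oid>;iss=<issuer>\r\n"
    r"Vault: plt-nst-config-kv;location=northeurope\nStatus: 403 (Forbidden)"
)


def parse_denial(message):
    """Return (client_ip, vault_name) from a Key Vault firewall 403 body."""
    # Normalise literal "\r\n" / "\n" escapes into real line breaks.
    text = message.replace("\\r\\n", "\n").replace("\\n", "\n")
    ip = re.search(r"^Client address:\s*(\S+)", text, re.M)
    vault = re.search(r"^Vault:\s*([^;\s]+)", text, re.M)
    if not ip:
        raise ValueError("no 'Client address:' field in message")
    return ipaddress.ip_address(ip.group(1)), vault.group(1) if vault else None


def triage(message, configured=UIPATH_RANGES):
    """Decide what one denial means, given the ranges set in the vault firewall."""
    ip, vault = parse_denial(message)
    if any(ip in net for net in configured):
        return ip, vault, "already covered by a configured range"
    published = next((net for net in UIPATH_RANGES if ip in net), None)
    if published:
        return ip, vault, f"add {published} to the firewall of {vault}"
    return ip, vault, "not a published UiPath range: do not add it"


if __name__ == "__main__":
    # An empty list models a vault whose firewall is on but has no IP rules yet.
    print(triage(SAMPLE_ERROR, configured=[]))
```

Pass the ranges actually configured on the vault as `configured`; an address outside the published list is reported rather than suggested for the allow list, which keeps access limited to UiPath services.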