This feature is only available if you are on the Enterprise licensing plan, and requires the Advanced Tier.

📘

公开预览

This feature is currently in public preview.

如果您想保护对组织的访问，并且只允许公司网络内的用户访问组织，则可以指定要允许的 IP 地址，我们会阻止所有其他流量。

在开始之前

先决条件

要使用此安全选项，您需要具备公司网络和 IP 范围方面的领域专业知识。

不兼容

While IP restriction is enabled, you cannot use the UiPath Automation Cloud^TM Migration Tool. This tool is used to migrate data from an on-premises installation of UiPath Orchestrator to the Orchestrator service in Automation Cloud.

范围

IP 限制影响：

• 通过用户界面登录的用户
• 使用平台 API 或 UiPath 服务 API 的程序和自动化。

如果代理（用户或程序）没有任何受信任的 IP，则在强制执行 IP 限制后，他们将无法与您的组织、其所有租户、其服务或相关 API 交互。

支持的 IP 地址

• 您可以为 IPv4 或 IPv6 类型的地址定义受信任的 IP 范围。
• You must use the Classless Inter-Domain Routing (CIDR) IP format.
• 您无法为私有地址定义受信任的 IP 范围。

测试环境

我们强烈建议先在非生产环境中执行此配置并对其进行测试，然后再将其应用于生产环境，以避免对用户和自动化项目造成干扰。

添加可信 IP 范围

If your private network uses a known set of IP addresses, you can add them in Security Settings to only allow users from those addresses to access your organization.

1. 转到“管理员”。
2. Make sure that the organization is selected at the top of the left pane and then select Security Settings.
   组织的“安全设置”页面随即打开。
3. 在顶部，选择“ IP 限制”选项卡：

4. Add a set of IP addresses:
   一个。单击“添加可信 IP 范围” 。 “添加可信 IP 范围”面板将在窗口右侧打开。
   b. Fill in the IP set name field with a suggestive name for this range.
   c. Under Add IP rage(s), in the field, type a trusted IP address. The address can be IPv4 or IPv6 and must be in Classless Inter-Domain Routing (CIDR) format.
   d. To add another address, click Add more under the field to add another field.
   Users who have an IP that is included in this range will be able to access your organization. Users with any other address will not.
   Your current IP is shown at the top of the panel so that you make sure to include it, otherwise you won't be able to enable IP restriction. This is because if your IP address is not included in a trusted range, enabling IP restriction would lock you out.
   e.单击面板底部的“添加”。
   The panel closes and the set is displayed on the page.
5. Repeat the above step to add as many sets of IP addresses as you need.

After you enable IP restriction, only users and programs that have an IP that was declared in one of the trusted IP ranges can access your organization. If they are not, they see an Access forbidden message when trying to access the organization.

Next steps: After you have added all of the IP sets,, proceed with the instructions in the next section to enable IP restriction.

Enabling or disabling IP restriction

Enable IP restriction to block traffic from IP addresses other than the trusted IP ranges you have declared, or disable it to allow access from any IP.

1. 转到“管理员”。
2. Make sure that the organization is selected at the top of the left pane and then select Security Settings.
   组织的“安全设置”页面随即打开。
3. Along the top, select the IP Restriction tab.
4. On the right, under Enforcement type, select an option:
   • To enable IP restriction, select Allow only trusted IPs.
     Only agents that use an IP which is included in one of the trusted IP ranges can access your organization.
   • To disable IP restrictions, select Allow all IPs.
     Even if trusted IP ranges are defined on the page, access is allowed from any IP when this option is set.
5. 在确认对话框中，单击“确认”以启用 IP 限制。