As an organization owner, you define IP addresses or IP ranges to either block or allow user access from specific IPs.

You do that by applying an authentication preference to block or allow user access from an IP range or specific IP address. If your authentication preference is defined for an IP range, you can set exceptions for specific IPs within the range. For example, if you apply block authentication to an IP range, you can then set an exception for one or more IPs within that range that will be allowed access to your VMware Cloud services.
Note: The IP address you enter must follow CIDR notation for IPv4 and IPv6 IP addresses.
To Do this
Set an IP authentication preference for your organization
  1. Log in to Cloud Services Console and click Organization > Authentication Policy.
  2. Click the IP address/range tab.
    If this is the first time you are creating an authentication policy for your organization, the Authentication Policy page displays the two IP authentication preferences you can choose from:
    • Block IP
    • Allow IP
  3. Make a selection and click Enable.
  4. To define the IP address or range for the selected policy setting, click Add and type the IP address or range.
  5. Click Add again.
Change your IP authentication preference You can only enable one preference or the other and once you make the change, any IP addresses or ranges you defined in the current policy will be lost when you apply the new setting.

If you want to switch from Block IP to Allow IP authentication preference or vice versa, you must remove the IP addresses and ranges specified for your current authentication preference.

  1. In the Authentication Policy page, select all IP addresses and ranges that are currently defined.
  2. Click Remove.
  3. Click the Change link next to the User IP Authentication Preference option.
  4. In the pop up window that opens, select the preferred option, then click Save.
  5. Define new IP addresses or ranges for the newly selected policy setting.
Add an exception to your authentication preference You define exception rules for IP addresses from an IP range that is already specified in the list of allowed or blocked IPs.
  1. In the Exception section of the Authentication Policy page, click Add an Exception.
  2. In the pop up that opens, type the IP addresses you want to add as exceptions to the authentication policy.

    If you enabled the Allow IP preference, users accessing VMware Cloud services from the IPs on the exceptions list will be denied access. Conversely, if you enabled the Block IP preference, users accessing VMware Cloud services from the IPs on the exceptions list will be allowed access.

Modify the IP ranges for your authentication preference Once you enabled an IP authentication policy, you can add additional IPs or IP ranges, edit or remove existing ranges.

To make a change, first select the IP address or range from the list, then apply the appropriate action.

I accidentally blocked myself and want to unblock my IP

If you accidentally added your IP in the Block IP list for your organization, you must file a support ticket to unblock. As you are not able to log in to your organization and use the Support Center in Cloud Services Console, you can do that by calling VMware Support.

Does blocking a user IP address in my organization block them from accessing other organizations to which they are members

If a user belongs to multiple organizations and IP based policy is enforced in one of these organizations, they are not allowed access in that particular organization. Then they have the option to switch to a different organization upon login.