As an Organization Owner, you can manage access to your Organization by defining IP addresses or IP ranges to either block or allow user access from specific IPs.

You do that by applying an authentication preference to block or allow user access from an IP range or specific IP address. If your authentication preference is defined for an IP range, you can set exceptions for specific IPs within the range. For example, if you apply block authentication to an IP range, you can then set an exception for one or more IPs within that range that will be allowed access to your VMware Cloud services.
Note: The IP address you enter must follow CIDR notation for IPv4 and IPv6 IP addresses.
There are two authentication preference options you can define:
  • Block IP: user logins from specific IP addresses/ranges are blocked access to the Organization.
  • Allow IP: user logins from specific IP addresses/ranges are allowed access to the Organization.
You can have only one preference activated in your Organization. You can switch between the two preferences, but you can't have both of them activated at the same time.
To set or modify an IP authentication preference in your Organization, log in to the Cloud Services Console and navigate to Organization > Authentication Policy > IP address/range.
Note: It may take up to 30 minutes for your policy settings to take effect in the Organization.
To Do this
Set an IP authentication preference for your Organization
  1. If setting an IP authentication preference for the first time, select an option and click Activate.

    The policy settings page displays, indicating the IP address/range has been activated in your Organization.

    Toggle button showing policy is turned on.

  2. Click Add and type an IP address or range.
  3. Click Add again.

    The address or range you entered is added to the list of blocked or allowed addresses and ranges specified for your Organization.
Add an exception to your authentication preference You define exception rules for IP addresses from an IP range that is already specified in the list of allowed or blocked IPs.
  1. In the Exception section of the IP address/range page, click Add an Exception.
  2. In the pop-up window that opens, type the IP addresses you want to add as exceptions to the authentication policy in your Organization.

    If you activated the Allow IP preference, users accessing VMware Cloud services from the IPs on the exceptions list will be denied access. Conversely, if you activated the Block IP preference, users accessing VMware Cloud services from the IPs on the exceptions list will be allowed access.
Modify the IP addresses, ranges, or exceptions for your authentication preference Once you activated an IP authentication policy, you can add additional IPs, IP ranges, and exceptions. You can also modify or remove existing IPs and ranges from the policy.
  • To make a change, first select the IP address or range from the list, then apply the appropriate action.
Change your IP authentication preference

If you want to switch the authentication preference in your Organization from Block IP to Allow IP or vice versa, you must first remove all IP addresses and ranges specified for the current authentication preference.

  1. On the IP address/range page, select all currently defined IP addresses and ranges.
  2. Click Remove.
  3. Click the Change link next to the User IP Authentication Preference option.
  4. In the pop-up window that opens, select the new option, then click Save.
  5. To define new IP addresses or ranges for the newly selected policy setting, click Add.

I accidentally blocked myself and want to unblock my IP

If you accidentally added your IP in the Block IP list for your Organization, you must file a support ticket to unblock. As you are not able to log in to your Organization and use the Support Center in Cloud Services Console, you can do that by calling VMware Support.

Does blocking a user IP address in my Organization block them from accessing other Organizations to which they are members

If a user belongs to multiple Organizations and IP based policy is enforced in one of these Organizations, they are not allowed access in that particular Organization. Then they have the option to switch to a different Organization upon login.