[CLD-6659] Add documentation for Cloud IP Filtering #6792
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| :orphan: | ||
| :nosearch: | ||
|
|
||
| .. raw:: html | ||
|
|
||
| <div class="mm-badge"> | ||
|
|
||
| |plans-img| Available only on `Enterprise <https://mattermost.com/pricing/>`__ plans | ||
|
|
||
| |deployment-img| Available only for `Cloud <https://customers.mattermost.com/cloud/signup/>`__ deployments | ||
|
|
||
| .. |plans-img| image:: ../_static/images/badges/flag_icon.svg | ||
|
|
||
| .. |deployment-img| image:: ../_static/images/badges/deployment_icon.svg | ||
|
|
||
| .. raw:: html | ||
|
|
||
| </div> | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| Cloud IP Filtering | ||
| ======================== | ||
|
|
||
| .. include:: ../_static/badges/ent-cloud-only.rst | ||
| :start-after: :nosearch: | ||
|
|
||
|
|
||
| IP filtering is a powerful security feature that allows system admins to control access to their workspace by defining approved IP ranges. Only users within these specified IP ranges can access the workspace, ensuring enhanced security for your workspace. IP filtering requires a subscription to Mattermost Cloud Enterprise. | ||
|
There was a problem hiding this comment. I removed capitalization on There was a problem hiding this comment. I'm 0/5. Spoke with @spirosoik and he's fine with lowercase as well. |
||
|
|
||
| Configure IP filtering | ||
|
There was a problem hiding this comment. @nickmisasi - Based on the v9.4 server changelog, Cloud IP Filtering will be disabled OOTB behind a feature flag. Are you open to updating this new docs page to include details on enabling the feature flag as an admin? There was a problem hiding this comment. End users (ie, anyone not on the Mattermost Cloud team) can't control feature flags in Cloud. The feature flag's in place so that we can wait until other system dependencies (CWS, Provisioner, etc) are ready without having to hold up the 9.4 release. An additional benefit is that we can disable the new feature in the event a glaring issue is found after release. I'm not sure it's worth documenting this as it's invisible to the user and may just cause confusion. Let me know what you think! There was a problem hiding this comment. One thing to add - the plan would be to enable the feature flag immediately as soon as the release rolls out to the enterprise ring in Cloud There was a problem hiding this comment. You're absolutely right -- users can't enable feature flags in Cloud. I'd forgotten that important point. No sense documenting something that Cloud admins won't be able to do. Given that the plan is to enable soon after release to the Enterprise ring, I wonder if the changelog needs a small update to clarify that point? Thoughts? |
||
| ------------------------ | ||
|
|
||
| 1. **Log in as System Admin**: Access the System Console of your workspace, ensuring your user is a system admin. | ||
|
|
||
| 2. **Go to Site Configuration**: Once logged in, go to the **Site Configuration** section. | ||
|
|
||
| 3. **Access IP Filtering Settings**: Under **Site Configuration**, select **IP Filtering** to access the IP Filtering settings. | ||
|
|
||
| About CIDR notation | ||
| ---------------------------- | ||
|
|
||
|
|
||
| CIDR (Classless Inter-Domain Routing) notation is used to specify a range of IP addresses. It consists of an IP address followed by a forward slash and a number indicating the network's prefix length. For example: | ||
|
|
||
| - ``192.168.0.0/24`` represents the IP range from ``192.168.0.0`` to ``192.168.0.255``. | ||
| - The ``/24`` signifies that the first 24 bits are the network address, leaving 8 bits for host addresses. | ||
|
|
||
| For a more in-depth explanation of CIDR notation, refer to `this article </https://aws.amazon.com/what-is/cidr/>`__. | ||
|
|
||
| Configure IP filters | ||
| ------------------------ | ||
|
|
||
| Add an IP range | ||
| ~~~~~~~~~~~~~~~~~~~~~~~ | ||
| To add an IP range to the whitelist, follow these steps: | ||
|
|
||
| 1. Select the **Add Filter** button within the IP Filtering settings page in the System Console. | ||
| 2. Enter the IP range using CIDR notation. For example, ``192.168.1.0/24``. | ||
| 3. Provide a descriptive name or label for the IP range to ease identification in the future. | ||
| 4. Save the changes. | ||
|
|
||
| .. note:: | ||
|
|
||
| The System Console will restrict you from saving changes if the IP address you are accessing your workspace on is not within the ranges you have specified at the time you save your changes. | ||
|
|
||
| Edit or remove an existing IP range | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| To edit or remove an existing IP range from the whitelist: | ||
|
|
||
| 1. Locate the IP range you want to modify within the **IP Filtering** settings. | ||
| 2. Hover over the rule you'd like to edit or delete, and select the respective edit or delete option beside the IP range. | ||
| 3. Make necessary changes or confirm the removal of the IP range. | ||
| 4. Save your changes by selecting **Save**. | ||
|
|
||
| Enable/disable IP filtering | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| System admins have the option to enable or disable IP filtering: | ||
|
|
||
| - **Enable:** To activate IP filtering, ensure at least one IP range is added to the whitelist. | ||
| - **Disable:** Temporarily disable IP filtering by removing all IP ranges from the whitelist, or by flipping the global IP Filtering toggle in the System Console. | ||
|
|
||
| Unable to access your workspace | ||
|
There was a problem hiding this comment. 100% we need to be explicit (with console images) here to help in the case that the workspace owner is not technical AND they are responding to an issue users are unable to access the cloud workspace. |
||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| If you are unable to access your workspace due to previously set IP filters, and you need to regain access to your workspace, your workspace owner can: | ||
|
|
||
| 1. Visit the `Mattermost Customer Portal </https://customers.mattermost.com/>`__. | ||
| 2. Select the **IP Filtering** menu item in the left hand side bar. | ||
| 3. Select **Disable IP Filtering**. | ||
|
|
||
| .. note:: | ||
|
|
||
| Going through this process will disable **all** existing rules applied to your workspace. This means that any IP address will now be able to access it. | ||
|
|
||
| Conclusion: | ||
| -------------- | ||
|
|
||
| By configuring IP filters using CIDR notation, system admins can effectively manage access to the workspace, enhancing security by allowing access only from specified IP ranges. | ||
|
|
||
| For any further assistance or queries, `contact our support team </https://mattermost.com/support/>`__. | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for creating a new badge for this Enterprise Cloud-only feature. Please note that the "only" badges are exception badges that display in yellow, and are typically used inline on a page where a general badge is included at the top of the page.
Please use the non-only badge code for a white plan/deployment badge instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Latest commit should look like
