Restrict access to subdomains to only certain IP addresses

We have a subdomain under
Currently that URL is publicly accessible.
Is there a way we can restrict access to only certain IP addresses from our datacenter, via ACL for example?

Hi ThatSecurityDude,

We appreciate your inquiry. I recommend checking out the following article IP Whitelist/Blacklist or Allowlist/Denylist on the ForgeRock Identity Cloud. The article illustrates a whitelist implementation, which can be a suitable way to permit traffic exclusively to or from specific sub-domains.

If you require further assistance in implementing IP address restrictions for specific subdomains from your data center, I would advise opening a support ticket. Our IDC experts will provide you with more customized guidance to address your specific needs, potentially using Identity Gateway.

Thank you,


IP address whitelisting/blacklisting is effective and works great at the journey level. However, this method is not sufficient for controlling access to non-journey APIs. To the best of my knowledge at the time of this response, ForgeRock IDCloud does not currently offer the capability to restrict access to specific domains or sub-domains based on IP addresses.

It’s worth noting that I am under the impression that this is a feature ForgeRock may be considering. I recommend submitting a support ticket to obtain an official statement and any potential implementation schedules from ForgeRock.

Does anyone know if you can limit the IP address that can log in as an admin to the cloud environment? I.e., only let admins log in via a specific IP (i.e., your corporate NAT).