IP allowlist

Casdoor can restrict entry pages (login, sign-up, forgot-password) by client IP. Access is allowed only if the client IP is in the configured allowlist. Allowlists can be set at user, application, and organization levels; all applicable levels are checked.

Configuration

User level

Casdoor checks the user-level allowlist first.

Add the IP allowlist account item on the organization’s edit page (see Account customization).
For each user, set the allowlist as a comma-separated list of CIDR ranges (e.g. 192.168.1.0/24,25.112.0.0/16). Leave empty for no IP restriction.

user_ip_whitelist

Application level

If the request passes the user-level check, Casdoor then checks the application allowlist. Configure IP allowlist on the application edit page.

app_ip_whitelist

Organization level

The last check is at the organization level. Set IP allowlist on the organization edit page.

org_ip_whitelist

Here is a demo video that shows how to use ip whitelist:

Configuration​

User level​

Application level​

Organization level​

Configuration

User level

Application level

Organization level