The Blocked IP Addresses screen helps you monitor and manage public IPs that have been automatically blocked due to sign-in policy violations. These blocks are triggered when a User Sign-In Policy or Administrator Sign-In Policy includes the Block IP action—typically used for risky or suspicious login attempts.
📍 To access this screen, go to Insights → Blocked IP Addresses
This view enhances visibility and gives you full control over how your environment responds to unauthorized or anomalous sign-in activity.
The screen is divided into two tabs:
- User: Lists public IP addresses blocked after failed or risky sign-in attempts by end users
- Administrator: Shows blocked IPs resulting from sign-in attempts by administrator accounts
Each row includes:
| Column | Description |
|---|---|
| Public IP | The external IP address that was blocked |
| User / Administrator | The account associated with the attempted sign-in |
| Policy Name | The sign-in policy that triggered the block |
| Location | Geographic location of the IP (if detected) |
| Time | The timestamp when the block was applied |
Auto-unblock IP Addresses
Click the Settings button in the top-right corner to configure auto-unblock behavior.
You can set a duration (in hours) after which blocked IPs will be automatically unblocked, unless a new violation re-triggers the same policy.
| Setting | Description |
|---|---|
| Block Duration | Number of hours an IP remains blocked |
| Reset on Violation | Each new violation resets the block timer |
This helps strike a balance between proactive protection and operational flexibility—reducing the need for manual clean-up while keeping your environment secure.
Updated
Comments
0 comments
Please sign in to leave a comment.