Most businesses allow their users to access their Creatio site from anywhere, but some organizations need a more secure site that can only be accessed from their office (or via VPN) by some or all of their users. In this scenario, you can use the Creatio IP Address Restriction features to limit which IP Addresses can be used to access Creatio.

Start by identifying which users should not have restricted IP address rules applied. By default, this is setup for users with System Administrator role. If you want other users to be excluded from the restriction (or if you want System Administrators to be restricted as well), go to Operation Permissions > Ignore access check by IP Address and add/remove the necessary Users and Roles that should NOT have the IP Address restrictions applied.

Creatio operation permissions

Next, for all of your other users, you need to setup the range of IP Addresses that are allowed. Typically this is done at the Role level, but you can also setup specific IP ranges for individual users if needed. In the Role (Organizational or Functional) and/or User record, go to the Access Rules tab and add one or more IP Address ranges. To allow a single IP Address, enter the same IP Address value for both the Start and End columns. To allow a range of consecutive IP Addresses, enter the lower value in the Start and the higher value in the End, such as to You can set this up for the ‘All Employees’ role to apply the same values for all users, or you can set it up for individual roles as needed.

Creatio Organizational roles

Finally, once you have the settings already inside Creatio, you’ll need to update a Web.Config setting to enable the IP Address restrictions. If you are hosted by Creatio (your url ends with, contact Creatio Support and ask them to enable this for you. If you are hosted elsewhere, your server administrator will need to update the useIPRestriction parameter to true in your web.config file.

Once the web.config setting is enabled, IP Address Restrictions will start being applied according to the permissions you’ve setup. If a user tries to login from a non-allowed IP Address, they will receive an error message indicating that access is denied.

Creatio access denied
Posted in:

Looking for Creatio help?

We do training, customization, integration, and much more. Contact us today.