TenantIPWhitelistEntry

IP address or CIDR block that is allowed to access a tenant workspace, enabling network-based access control and security restrictions. This entity supports IP-based security policies where tenants can restrict access to specific networks, offices, VPNs, or cloud infrastructure. It enables scenarios such as office-only access, VPN-required access, contractor temporary access, and geographic restrictions. Each entry can have labels for identification, expiration dates for temporary access, and enable/disable toggles for quick access control without deletion. The entity supports both individual IP addresses and CIDR notation for network ranges, enabling flexible network security policies. It serves as the network access control layer for multi-tenant platforms, supporting zero-trust architectures, compliance requirements (PCI-DSS network segmentation), and enterprise security policies.

11 properties

Schema

Properties

Property	Type	Mode	Description	Required
tenant	Tenant	stored	Reference to the Tenant this IP whitelist entry applies to	Required
cidrBlock	string	stored	IP address or CIDR block notation (e.g., '192.168.1.0/24' for range or '203.0.113.42' for single IP) Example: `"192.168.1.0/24"`	Required
label	string	stored	Human-readable label describing this IP entry Example: `"Main Office Network"`	Required
description	string	stored	Additional details about this IP whitelist entry Example: `"Corporate office network in New York"`	Optional
enabled	boolean	stored	Whether this whitelist entry is currently active Example: `true`	Required
expiresAt	datetime	stored	Date/time when this whitelist entry expires (null for permanent access) Example: `"2025-06-30T23:59:59Z"`	Optional
addedAt	datetime	stored	Date/time when this entry was added Example: `"2024-01-15T10:00:00Z"`	Required
addedBy	User	stored	Reference to the User who added this IP whitelist entry	Optional
metadata	json	stored	Additional metadata (e.g., location, ISP, purpose)	Optional
isExpired	boolean	calculated	Whether this whitelist entry has expired	Optional
daysUntilExpiration	number	calculated	Number of days until this entry expires (null if no expiration)	Optional

Examples

Example 1

{
  "@type": "TenantIPWhitelistEntry",
  "tenant": {
    "@type": "Tenant",
    "slug": "acme-corp",
    "name": "ACME Corporation"
  },
  "cidrBlock": "192.168.1.0/24",
  "label": "Main Office Network",
  "description": "Corporate headquarters network in New York",
  "enabled": true,
  "addedAt": "2024-01-15T10:00:00Z",
  "addedBy": {
    "@type": "User",
    "username": "security.admin"
  }
}

Example 2

{
  "@type": "TenantIPWhitelistEntry",
  "tenant": {
    "@type": "Tenant",
    "slug": "acme-corp",
    "name": "ACME Corporation"
  },
  "cidrBlock": "203.0.113.42",
  "label": "Contractor VPN - John Doe",
  "description": "Temporary access for external consultant",
  "enabled": true,
  "expiresAt": "2025-06-30T23:59:59Z",
  "addedAt": "2024-11-20T14:00:00Z",
  "addedBy": {
    "@type": "User",
    "username": "hr.admin"
  },
  "metadata": {
    "contractor": "John Doe Consulting",
    "project": "Q1 Security Audit"
  }
}

Example 3

{
  "@type": "TenantIPWhitelistEntry",
  "tenant": {
    "@type": "Tenant",
    "slug": "acme-corp",
    "name": "ACME Corporation"
  },
  "cidrBlock": "10.0.0.0/8",
  "label": "AWS VPC",
  "description": "AWS cloud infrastructure",
  "enabled": true,
  "addedAt": "2024-01-15T10:00:00Z"
}