Trusted IPs

Trusted IPs (Web Access Only)

Trusted IPs in CertiNext provide network-level access control specifically for inbound web login access to the CertiNext user interface. This control restricts who can log in via the web UI based on the source IP address of the request.

Trusted IPs do not apply to API access and do not control outbound communication from CertiNext or automation bots.


Scope and Purpose

Trusted IPs are designed to:

  • Restrict web-based login access to known and approved network locations

  • Reduce exposure of the CertiNext UI to the public internet

  • Add an additional security layer for administrative and privileged users

  • Align UI access with corporate network or VPN policies

This feature is commonly used to ensure that CertiNext’s web console is accessible only from controlled environments.


What Trusted IPs Apply To

Trusted IP restrictions apply only to inbound access for the CertiNext web interface, including:

  • User login to the CertiNext UI

  • Browser-based access to dashboards, configuration screens, and reports

If a user attempts to access the CertiNext UI from an IP address that is not in the trusted list, the request is blocked before authentication is processed.


What Trusted IPs Do Not Apply To

Trusted IPs do not affect:

  • API access (REST APIs, automation, integrations)

  • Automation bots or agents

  • Outbound connections from CertiNext

  • CA integrations or external service calls

API security and automation access are governed by separate authentication, authorization, and transport security controls.


Supported IP Configuration

CertiNext supports:

  • Individual IPv4 or IPv6 addresses

  • CIDR-based IP ranges

  • Multiple trusted IP entries per account

This allows organizations to define trusted access from:

  • Corporate office networks

  • VPN gateways

  • Secure bastion or jump hosts


Operational Considerations

When configuring Trusted IPs:

  • Ensure that all legitimate user access paths (office networks, VPNs) are included

  • Maintain at least one valid trusted IP range to avoid accidental administrator lockout

  • Update trusted IP entries when network configurations change

All access attempts—including blocked requests—are logged for audit and troubleshooting purposes.
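The checks above can be run against a proposed list before it is saved. The following is an added example, not CertiNext code: it runs locally and calls no CertiNext API. The entry format (plain strings), the function names, and the sample addresses (documentation ranges) are assumptions, as is treating a CIDR with host bits set as a typo to review.

```python
import ipaddress

def parse_entries(entries):
    """Split trusted-IP entries into parsed networks and rejected strings."""
    networks, invalid = [], []
    for raw in entries:
        try:
            # A single address becomes a /32 or /128 network.
            # strict=True rejects CIDRs with host bits set (e.g. 192.0.2.77/24).
            networks.append(ipaddress.ip_network(raw.strip(), strict=True))
        except ValueError:
            invalid.append(raw)
    return networks, invalid

def is_trusted(source_ip, networks):
    """True if source_ip falls inside any trusted entry of the same IP version."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr.version == net.version and addr in net for net in networks)

def review_change(proposed, access_paths):
    """Check a proposed trusted list against known legitimate source IPs.

    access_paths maps a label (office, VPN, bastion) to the public source IP
    that users on that path present to the web UI.
    """
    networks, invalid = parse_entries(proposed)
    uncovered = sorted(name for name, ip in access_paths.items()
                       if not is_trusted(ip, networks))
    # Refuse an empty list, a list with unparsable entries, or one that
    # would lock out a known access path.
    safe = bool(networks) and not invalid and not uncovered
    return {"invalid": invalid, "uncovered": uncovered, "safe_to_apply": safe}

# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges).
PROPOSED = ["198.51.100.0/24", "203.0.113.10", "2001:db8:10::/48", "192.0.2.77/24"]
ACCESS_PATHS = {
    "office": "198.51.100.23",
    "vpn-gateway": "203.0.113.10",
    "bastion-v6": "2001:db8:10::5",
    "branch-office": "192.0.2.14",
}

if __name__ == "__main__":
    print(review_change(PROPOSED, ACCESS_PATHS))
```

With the sample data, the mistyped `192.0.2.77/24` entry is rejected, which leaves the branch office uncovered, so the change is reported as not safe to apply.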


Relationship to Other Security Controls

Trusted IPs complement, but do not replace:

  • User authentication and MFA

  • Role-based access control (RBAC)

  • Audit logging and monitoring

Together, these controls support a defense-in-depth approach for securing access to the CertiNext web console.


Summary

Trusted IPs in CertiNext provide targeted protection for web UI access only. By restricting inbound login access to approved IP addresses and ranges—without impacting APIs or automation—organizations can significantly reduce the attack surface of the CertiNext interface while maintaining full operational flexibility.
