The IP Allowlist page lets you specify a list of IP addresses that can access your Looker instance. For a list of specific IPs to allow based on your region, see Enabling secure database access. When the IP allowlist is enabled, your Looker instance filters IP addresses at the application level, allowing connections from only the IP addresses on the allowlist. Looker refuses connection attempts from all other IP addresses. When the IP allowlist is disabled, your Looker instance can accept connections from any IP address.
The IP Allowlist page is available only for Looker-hosted instances. Customer-hosted instances won't see this option in the Admin menu. To view the IP Allowlist page, from the Server section of the Admin menu, select IP Allowlist.
The IP Allowlist page lists the rules that you use to configure which IP addresses and subnet masks can access your Looker instance. Each rule also defines whether users from those IP addresses can log in only from the Looker UI, only from the Looker API, or from both sources.
In addition to viewing existing IP allowlist rules, you can perform the following tasks:
Enable or disable the IP allowlist with the Enable Allowlist switch. When the allowlist is active, only users from listed IP addresses can connect.
Define a new rule, which adds more IP addresses to the allowlist.
Enable, disable, edit, or delete an existing rule.
Adding your IP address
If the IP allowlist has no rules defined, as when you first access the list, Looker will display two alerts:
a tooltip next to the Enable Allowlist switch displays a warning icon
a note reading "Your IP address is not allowlisted" appears next to the switch
Select the "Your IP address is not allowlisted" text to obtain your detected IP address. Select Add Rule to add your IP address to the allowlist by using the following instructions.
Adding a new rule
Select Add Rule to add an IP address or a range of addresses to the allowlist. Looker displays the New IP Allowlist Rule dialog. To add a new rule, follow these steps:
1. Enter a name for the new rule in the Label field.
2. Enter a range of approved IP addresses in the IP Range field using an IP address and a subnet mask, as described in CIDR notation.
3. Specify whether the new rule applies only to login attempts from the Looker UI, only to login attempts from the Looker API, or to login attempts from both sources in the "UI or API?" drop-down menu.
4. Select Save.
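Before entering rules and turning on the Enable Allowlist switch, it helps to check the planned rule set offline. The following is an added example, not Looker code: it validates each CIDR range, applies the 50-rule guidance from "Things to know", and reports whether your detected IP would still be covered for UI login. The rule tuples, the `check_rules` name and the `MIN_PREFIX_V4` threshold are assumptions for illustration.

```python
import ipaddress

# Constructed sample rules mirroring the dialog's Label, IP Range and
# "UI or API?" fields; addresses are RFC 5737 documentation ranges.
PLANNED_RULES = [
    ("Office egress", "203.0.113.0/24", "both"),
    ("CI runner", "198.51.100.17/32", "api"),
    ("VPN pool", "192.0.2.10/28", "ui"),      # host bits set
    ("Typo", "203.0.113.300/24", "both"),     # invalid octet
]
MAX_RULES = 50      # performance guidance from this page
MIN_PREFIX_V4 = 16  # assumption: local policy for the broadest IPv4 rule


def check_rules(rules, admin_ip):
    """Return (findings, scopes): problems found, and scopes covering admin_ip."""
    findings, scopes = [], set()
    admin = ipaddress.ip_address(admin_ip)
    if len(rules) > MAX_RULES:
        findings.append(f"{len(rules)} rules exceeds the {MAX_RULES}-rule guidance")
    for label, cidr, scope in rules:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            try:
                fixed = ipaddress.ip_network(cidr, strict=False)
                findings.append(f"{label}: {cidr} has host bits set (network is {fixed})")
            except ValueError:
                findings.append(f"{label}: {cidr} is not a valid CIDR range")
            continue  # do not count coverage from a rule that needs fixing
        if net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
            findings.append(f"{label}: {net} is broader than /{MIN_PREFIX_V4}")
        if admin in net:
            scopes |= {"ui", "api"} if scope == "both" else {scope}
    if "ui" not in scopes:
        findings.append(f"{admin_ip} is not covered for UI login; enabling the allowlist would refuse it")
    return findings, scopes


if __name__ == "__main__":
    for ip in ("203.0.113.45", "198.51.100.17"):
        problems, covered = check_rules(PLANNED_RULES, ip)
        print(ip, "covered for:", sorted(covered))
        for p in problems:
            print("  -", p)
```

Pass the address shown by the "Your IP address is not allowlisted" note as `admin_ip`; a rule that only covers the API scope does not keep the Admin UI reachable from that address.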
Things to know
While configuring your IP allowlist, keep the following considerations in mind:
Adding more than 50 rules may negatively impact Looker's performance.
To integrate Git pull requests with any LookML projects, you need to add to the allowlist the range of IP addresses from which your Git provider makes outbound requests. For example, GitHub IP addresses are available from their meta API endpoint. IPs are subject to change and will be different for other Git providers.
Certain Looker Action Hub features such as the Slack integration and OAuth-enabled actions don't work when the IP allowlist is enabled.
Note: Looker (Google Cloud core) instances don't include this page. To allow access to Looker (Google Cloud core) for particular IPs, use a private IP Looker (Google Cloud core) instance, and control access with your VPC settings.
Note: If you have a permission that provides access to only select pages in the Admin panel, such as manage_schedules, manage_themes, or see_admin, but you don't have the Admin role, the page or pages that are described here may not be visible to you in the Admin panel.
Last updated 2025-09-04 UTC.