Reference

Tenant Access Control List (ACL) supports advanced customization through configuration of various settings. Refer to the sections below to learn more about available options.

Signals

asns

string[]

List of Autonomous System Numbers (ASNs)

ipv4_cidrs

string[]

List of IPv4 addresses or CIDR ranges.

ipv6_cidrs

string[]

List of IPv6 addresses or CIDR ranges.

geo_country_codes

string[]

List of ISO 3166-1 alpha-2 country code.

geo_subdivision_codes

string[]

List of ISO 3166-2 subdivision code.

ja3_fingerprints

string[]

List of JA3 TLS Fingerprints.

ja4_fingerprints

string[]

List of JA4 TLS Fingerprints.

user_agents

string[]

List of client device or browser.

Conditions

match

object

Returns successful if the provided signal and any of the provided values are equivalent.

not_match

object

Returns successful if the provided signal and none of the provided values are equivalent.

Actions

allow

boolean

Allows traffic to pass through unaffected.

block

boolean

Blocks traffic from accessing specified scopes.

redirect

boolean

Redirects traffic to a provided location.

redirect_uri

string

URI to redirect traffic to.

log

boolean

Monitoring mode. No action is taken, but results are included in the Tenant ACL log event.

Scopes

tenant

Enforces Tenant ACL for both management and authentication scopes.

management

Enforces Tenant ACL for requests sent to {yourDomain}/api/v2/\*} and {yourDomain}/scim/\*}.

dcr

Controls access to Dynamic Client Registration endpoint /oidc/register.

authentication

Enforces Tenant ACL for requests sent to anywhere not covered in management scope.

Protect Your Application

Protect Your Tenant

Compliance

Reference

Signals

Conditions

Actions

Scopes

Protect Your Application

Protect Your Tenant

Compliance

​Signals

​Conditions

​Actions

​Scopes

Signals

Conditions

Actions

Scopes