Trusted Network List
This feature enables the administrator to configure network rules in order to apply upload or download restrictions for users that log in using different IP addresses.
The default rule
There will always be a default rule (0.0.0.0/0) configured for you. This rule applies to all IP addresses if no other rule is configured.
You can use this rule to deny upload or download for everyone and then configure a rule that allows upload or download only for the specified IP address(es).
Adding a new rule
In order to add a rule, click the ADD NEW RULE button and fill out the necessary information in the right panel.

The following options are available:
- Add a rule for a specific IP address (i.e. 192.168.16.20)
- Add a rule for a range of IP addresses using CIDR notation (i.e 192.168.16.0/24)
- If you want certain IP addresses to be excluded from this rule, you can configure an exception for it (up to 5 exception IPs)
The available restrictions for a rule are:
- Allow or deny upload for the IP address(es) specified in the rule
- Allow or deny download for the IP address(es) specified in the rule
- Allow authentication from the IP address(es) specified in the rule
Login Types
Vault offers the ability to restrict which types of users can login from a certain IP address or IP address range.
Below are listed the available login types:
- Local Users
- External Users
- Guests
- Active Directory Users
- Single Sign-on Users
- Radius
By adding or removing types you can dictate how the login screen appears to clients accessing the application from different IP addresses. Mixing and matching rules will produce login screens tailored to your authentication needs.
For example, the following configuration will only allow guests to login.

Enforcing Active Directory authentication
In order to allow only active directory users to login from a certain address or address range, you must select just the Active Directory login type for the selected network rule.
Enforcing Single Sign-on authentication
In order to allow only single sign-on authentication from a certain address or address range, you must select just the Single Sign-On login type for the selected network rule.
Enforcing Radius authentication

In order to allow only radius authentication from a certain address or address range, you must select just the Radius login type for the selected network rule.
Rule management
If you wish to find configured rules for a specific IP address, you can use the right filter icon:


Bulk actions are also available if you wish to delete multiple rules at once.
