SAP Knowledge Base Article - Public

2089414 - System: How to restrict access to SuccessFactors by IP address - IP Restriction Management


  • Restricting Access by IP Address
  • If you would like to add an additional layer of security for access to the SuccessFactors application, you can request access to be restricted to only certain IP addresses.
  • Self-Service tool - IP Restriction Management
  • Can we restrict access by IP address for some users and not others (i.e restrict SSO users and not PWD users)?

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."


SAP SuccessFactors HXM Suite


  • The SuccessFactors Application supports IP address restriction as a security method.
  • With this method the client provides specific IP addresses (single ones or ranges of addresses) that will be able to access the SuccessFactors Application.
  • Only users from these addresses can access the SuccessFactors Application and all others will get a notification when trying to login that they do not have access.

Here is a quick video describing the new feature:

Media not computed.


As of b1708 release, you can now use self-service to manage IP restrictions from Admin center.

First, you need to assign the following permission to the user who will be allowed to manage the restrictions: permission called "IP Restriction Management" in the "Manage system properties" section.
We recommend that the user log out and into the system again after you have assigned this permission. 


Starting b2011 release, we have added a tool tip on the IP restriction management permission to provide administrators a high level information on what the permission is for.

IP Restriction_tool tip.png

  1. Next, the admin user will be able to access the tool called "IP Restriction Management" in Admin Center.

    IP Restriction management admin tool.png

  2. To add a restriction, press the "+" symbol on the top right IP Restriction management plus .png.
    This will let you add two types of restrictions:
    1. Single IP Address:
      Enter the desired IP address and press save.
      IP restriction management single.png

    2. IP Address range:
      Enter the start and end IP for this range and press save.
      IP restriction management range.png

  • Please be sure to provide all IP addresses for your company (offices, remote workers, etc).
    If there are employees that are trying to access the application in an IP address other than the ones provided, they will not be able to log in.
  • Also make sure that you add your own IP to this list. If not, and you made a mistake, you could potentially end up locking out all users including yourself from the system.
    To check your public IP you can simply search for "what is my IP" in any search engine (for example this search in Google)

  • You can turn off IP restrictions for external users. To do so, press on the "cog" button on the top right. IP Restriction management cog .png
    This will display 3 options that can be enabled separately. Press save after you have finished selecting the options.
    IP Restriction management external.png

  • You can delete any previous stored value by pressing the delete button for that particular IP or range.
    You can also edit the previously configure value by pressing the pencil button on the respective configured IP or Range.
    IP restriction management update delete.png


  • Once IP restrictions have been configured, these restrictions are applied to all users. It is not possible to restrict access for some users and not others (i.e SSO/PWD users).
  • Please enter IPv4 addresses only. IPv6 is not supported.

See Also

Managing Instance Access


access list, filter, SuccessFactors, SAP, IP, Restrict, ipv6 , KBA , whitelist , whitelisting , LOD-SF-PLT-IPR , SF Server IP related Queries & IP Restriction , LOD-SF-PLT , Platform Foundational Capabilities , How To


SAP SuccessFactors HCM suite all versions