Securing organizational email takes more than strong passwords and multi-factor authentication. The location from which a user signs in is just as important as the credentials they use, especially when the account holds sensitive business information. Credentials only confirm who is signing in; they don't say anything about where the attempt is coming from.

Allowed IP Addresses solve this at the organizational level. By defining permitted IP ranges, administrators can ensure that email access happens only from trusted networks, regardless of which user is signing in.

An Allowed IP Address is a configuration that restricts Zoho Mail login access to specified IP ranges. Login attempts from any IP sources outside the permitted range are blocked.

Restrictions can be applied at the organization level, individually under a user's Security settings, or through role-based and policy-based IP restrictions. The role can be Admin, Super Admin, User, or All.

For example, if zylker.com permits only the office network range, an employee like rebecca@zylker.com can sign in from the office but not from a personal network at home, unless additional ranges are configured.

Key use cases 

• Premise-based access: Restricting mail access to the corporate network so employees can only sign in from authorized office locations.

• Role and policy-based restrictions: Setting IP rules at the role level (Admin, Super Admin, User, or All) or at the policy level, so that all users assigned to the same role or policy share the same access boundary.

• Securing privileged accounts: Locking down admin or executive accounts to defined IP ranges to reduce the risk of unauthorized access.

 Why it matters for admins 

• Single point of control: All IP-based access rules are defined once in the Admin Console and applied automatically to the relevant users.

• Targeted access rules: Admins can apply restrictions at the organization, role, policy, or individual user level, depending on how access needs to be controlled in each case.

• Added protection layer: Even if credentials are compromised, accounts remain protected as login attempts from restricted IP ranges are blocked outright.  

Things to keep in mind 

• Strict enforcement: Once an IP restriction is in place, users cannot access their accounts from any IP outside the defined range.

• Risk of lockouts: Misconfiguration can lock users out of their own accounts, so allowed ranges should be reviewed carefully before being applied.  

Steps to configure User-based IP restriction in Zoho Mail Admin Console 

1. Log in to Zoho Mail Admin Console.

2. Navigate to Users in the left pane and click on the user you want to restrict access based on IP addresses.

3. On the Users page, click Security from the left menu.

4. Select Allowed IP addresses and click +Add icon.

5. Enter the IP range you would like the user to have access to using the From IP Address and To IP Address section.
   

6. Once done, click the Add button.