gControl - IP Restriction

IP Restriction feature allows admin to restrict a particular user or a group of users to access their Google Apps account only from specific IP address like Office or Branch Office only. Administrators can create different policies for different users and different OUs (Google Apps organization unit) through a common control panel.

Note: IP restriction works only for the web login. It will not work for email client (POP/IMAP) and mobile sync apps. If admin wants to restrict user to the web they can disable Mobile sync and POP/IMAP from Google apps control panel.

gControl IP restriction feature provides the following features:

  • Restrict a particular user or a group of users to access Google Apps only from specific IP address.

  • Import User & IP details in CSV format.

  • Export registered user & IP mappings.

  • Admin can create many User based and OU based IP Restriction policies.

  • Add unlimited IPs & users in the policy.

IP restriction policy will not apply for the local IPs. It should be always be public IP. If you use proxy for your organization you can put your proxy IP as well.

Note : At this point, admin can set Proxy or Public IP setting on a domain level. Once this setting is applied all the policies have to follow the domain level setting.

Fo your public IP address give “my ip” in Google search, this will show you your public IP address. Refer the below screenshot.

For you proxy IP address go to whatismyip.com site, you will find the information as shown below.


How this works:

  • Open gControl Application

  • Click on IP Restriction link from Quick Links

  • Fill policy information like policy name,description, valid always, enabled etc.

  • Policy type should be users based or OU based.



    • In case you Rename your organisation which is already used in an Ip Policy or Move organisation to some organisation already used in Policy , you must select the renamed/moved organisation explicitly in IP Restriction Policy in order to get these OU’s applied with IP Restriction Policy.

    • Normally it takes 24 hours for the changes in Google apps to sync with gControl. If you do not see the changes that you made in Google apps control panel (OU created, modifies users moved, created etc..) please go to advanced setting, scroll to the bottom of the page and use the “Sync” button provided for sysc. This will sync your changes immediately.

    • You can add User ID & IP Address mapping manually or upload the csv by clicking on ADD USER or IMPORT CSV csv button.


    • For OU based IP restriction Import CSV format


    • For User based IP restriction Import CSV format (Clicking on the Sample CSV link on top will down load the sample csv which you can directly edit)

      • You can use first six columns for IP’s. If you want to apply more than six IP’s for single user, You can continue with next row.


    Configuration IP Setting

    In IP Restriction Policy setting screen, besides Add policy, you will find IP configuration option (as shown) you can select in which type of IP you want your policies to be based on, Public IP’s or Proxy IP’s.


    • Click on CONFIGURE IP SETTINGS button

    • Select public IP or Proxy IP.

    • Click on Save.

    • Click on Cancel Button for going back to IP restriction setting.


    Now, when an end user tries to log in from unauthorized IP’s (IPs not defined in the policy) they will get notified that you are not allowed to login from this system.