Unified administration security and encryption

👍

Welcome note

Unified login is in the process of being applied to all users throughout September 2025.

Access the pre-existing documentation here: Administration.

Control who can access your Bloomreach workspace by restricting access to specific IP addresses. This adds an extra layer of security by ensuring only approved networks can reach your applications and APIs.

The setup and usage of security and encryption in unified administration is unchanged from previous implementations.

IP access control

You can control which IP addresses can access your Bloomreach workspace using Cloud Armor and IP allow/block lists.

How it works

IP allow list
Only specified IP addresses can access your workspace. All other IPs are automatically blocked. This is the most restrictive option.

IP block list
Specified IP addresses are blocked from access. All other IPs are allowed. This is useful for blocking known threats while allowing broad access.

Workspace-level protection

IP access controls apply at the workspace level, protecting:

• All applications within the workspace (Engagement, Discovery, Data hub)
• All API endpoints
• All administrative interfaces

Unified login and IP restrictions

For users with unified login, IP allow list/block list settings do not protect the login page itself.

What this means

• The login page remains accessible from any IP address, including those on your block list.
• However: Applications and APIs within the workspace are fully protected by your IP allow list/block list.
• Users on blocked IPs can see the login page but can't access any applications or data after authentication.

This design allows users to see clear error messages if they're blocked, rather than experiencing connection timeouts.