Outbound static IP addresses

ForgeRock allocates outbound static IP addresses to each of your development, staging, and production tenant environments (and to any sandbox^[1] and UAT^[2] tenant environments). This lets you identify network traffic originating from Identity Cloud and from individual environments within Identity Cloud.

Having static IP addresses for outbound requests lets you implement IP allowlisting in your enterprise network. Some examples of IP allowlisting are:

Adding IP addresses to your firewall settings to restrict access to your internal APIs
Adding IP addresses to your email server settings so emails sent from Identity Cloud are not marked as spam

FAQ

Why would I need to know my outbound static IP addresses?

You can add them to an allowlist that restricts access to your network infrastructure, adding an extra layer of access security. For example, you may want to allow only Identity Cloud to make API calls to an SMTP server inside your network.

How are outbound static IP addresses being introduced?

Outbound static IP address functionality is available and enabled by default if your tenant environments were created on or after the following dates:
- March 30, 2023 (sandbox^[1] environments)
- April 18, 2023 (development, UAT^[2], staging, and production environments)
For these tenant environments, refer to How can I find out what my outbound static IP addresses are?
Outbound static IP address functionality is available but not enabled if your tenant environments were created between the following dates:
- May 10, 2022 and March 30, 2023 (sandbox^[1] environments)
- May 10, 2022 and April 18, 2023 (development, UAT^[2], staging, and production environments)
For these tenant environments, refer to How do I enable outbound static IP addresses for my tenants?.
Outbound static IP address functionality is not available if your tenant environments were created before May 10, 2022.

For these tenant environments, the functionality will become available in 2024. For more information, please contact your ForgeRock representative.

How can I find out what my outbound static IP addresses are?

Outbound static IP address functionality is available and enabled by default if your tenant environments were created on or after the following dates:

March 30, 2023 (sandbox^[1] environments)
April 18, 2023 (development, UAT^[2], staging, and production environments)

You can view your outbound static IP addresses in your tenant global settings.

How do I enable outbound static IP addresses for my tenants?

Outbound static IP address functionality is available but not enabled if your tenant environments were created between the following dates:

May 10, 2022 and March 30, 2023 (sandbox^[1] environments)
May 10, 2022 and April 18, 2023 (development, UAT^[2], staging, and production environments)

To enable outbound static IP addresses and get your IP addresses:

Open an Identity Cloud: Config request with ForgeRock Support.

On the Identity Cloud: Config Request page, provide values for the following fields:

Field	Value
Hostname(s)	Enter a comma-separated list of FQDNs for your sandbox^[1], development, UAT^[2], staging, and production tenant environments.
What would you like to do?	Select Enable outbound static IP addresses.
Do you give permission for ForgeRock to access and make changes to your environment?	Select Yes to allow ForgeRock Support to access your environments

Field

Value

Hostname(s)

Enter a comma-separated list of FQDNs for your sandbox^[1], development, UAT^[2], staging, and production tenant environments.

What would you like to do?

Select Enable outbound static IP addresses.

Do you give permission for ForgeRock to access and make changes to your environment?

Select Yes to allow ForgeRock Support to access your environments

Click Submit to create the support ticket.
ForgeRock Support enables outbound static IP addresses and provides you with the IP addresses.

1. A sandbox environment is an add-on capability.

2. A UAT environment is an add-on capability.