Reference

Tenant Access Control List (ACL) supports advanced customization through configuration of various settings. Refer to the tables below to learn more about the available options.

Signals

The following table contains all the supported signals:

| Signal | Property | Data type | Description |
| --- | --- | --- | --- |
| IPv4 / CIDR | ipv4_cidr | string | Individual IPv4 address or CIDR range. |
| IPv6 / CIDR | ipv6_cidr | string | Individual IPv6 address or CIDR range. |
| Geographic country code | geo_country_code | string | ISO 3166-1 alpha-2 country code. |
| Geographic subdivision code | geo_subdivision_code | string | ISO 3166-2 subdivision code. |
| Anonymous proxy | anonymous_proxy | string | Proxy server that hides the user's IP address. |
| JA3/JA4 fingerprint | ja_fingerprint | string | TLS client fingerprint. |
| User agent | user_agent | string | Client device or browser. |

Conditions

The following table contains all the supported conditions:

| Condition | Property | Data type | Description |
| --- | --- | --- | --- |
| Match | match | object | Succeeds if the provided signal is equivalent to any of the provided values. |
| Does not match | not_match | object | Succeeds if the provided signal is equivalent to none of the provided values. |

Actions

The following table contains all the supported actions:

| Action | Property | Data type | Description |
| --- | --- | --- | --- |
| Allow | allow | boolean | Allows traffic to pass through unaffected. |
| Block | block | boolean | Blocks traffic from accessing specified scopes. |
| Redirect | redirect | boolean | Redirects traffic to a provided location. |
| Redirect URI | redirect_uri | string | URI to redirect traffic to. |
| Log | log | boolean | Monitoring mode. No action is taken, but results are included in the Tenant ACL log event. |

Scopes

The following table contains all the supported scopes:

| Scope | Value | Description |
| --- | --- | --- |
| Tenant | tenant | Enforces Tenant ACL for both Management API and Authentication scopes. |
| Management API | management | Enforces Tenant ACL for requests sent to `{yourDomain}/api/v2/*` and `{yourDomain}/scim/*`. |
| Authentication | authentication | Enforces Tenant ACL for requests sent anywhere not covered by the Management API scope. |
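
To make the semantics in these tables concrete, the following added example (not part of the original reference and not the product's own code) models how a rule's scope, conditions and action decide the outcome for a request, so a rule can be reasoned about before it is enabled. The rule's nesting, the function names, the exact-string comparison for non-IP signals and the requirement that every listed condition must hold are assumptions made for illustration; only the property names and scope paths come from the tables above.

```python
import ipaddress

# Constructed rule. Property names come from the tables above; the nesting and the
# "all conditions must hold" combination are assumptions, not the documented schema.
RULE = {
    "scope": "management",
    "match": {"ipv4_cidr": ["203.0.113.0/24"]},
    "not_match": {"geo_country_code": ["US", "CA"]},
    "action": {"block": True},
}

def scope_of(path):
    # Management API scope covers /api/v2/* and /scim/*; Authentication is the rest.
    return "management" if path.startswith(("/api/v2/", "/scim/")) else "authentication"

def equivalent(signal, value, observed):
    # CIDR signals: containment (a bare address is treated as a /32 or /128).
    if signal in ("ipv4_cidr", "ipv6_cidr"):
        return ipaddress.ip_address(observed) in ipaddress.ip_network(value, strict=False)
    return value == observed  # assumption: other signals compare as exact strings

def condition_holds(kind, wanted, request):
    for signal, values in wanted.items():
        observed = request.get(signal)  # None when the request carries no such signal
        hit = observed is not None and any(equivalent(signal, v, observed) for v in values)
        if hit != (kind == "match"):  # match needs a hit, not_match needs none
            return False
    return True

def evaluate(rule, request):
    """Return the action the rule selects for this request, or None if it does not apply."""
    # A "tenant" rule covers both scopes; otherwise the request path decides.
    if rule["scope"] not in ("tenant", scope_of(request["path"])):
        return None
    for kind in ("match", "not_match"):
        if not condition_holds(kind, rule.get(kind, {}), request):
            return None
    return next(name for name, on in rule["action"].items() if on is True)

if __name__ == "__main__":
    # Constructed request: the keys reuse the signal property names for observed values.
    req = {"path": "/api/v2/users", "ipv4_cidr": "203.0.113.7", "geo_country_code": "DE"}
    print(evaluate(RULE, req))
```

Swapping the action for `{"log": True}` in this model shows which requests a rule would have caught, which mirrors the monitoring mode described in the Actions table.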