Yes. All Gearset requests originate from one of our static IP addresses. You will need to add logins from these IPs to the allowlist for Gearset to be able to deploy changes to them.
If your org or profile doesn't have the IPs allowlisted, you will see this
access_denied error message.
Adding Gearset's IPs to Salesforce Network Access
You can restrict access to your Salesforce org via the
Network Access section within the Salesforce Setup menu.
For each of the four IPs listed above, select
New and specify the IP address as both
Start IP and
End IP with
Gearset as the description for easy identification later.
Adding Gearset's IPs to your profile's Login IP Range
Another way to restrict access to certain IPs is to restrict the
Login IP Range allowed for a given profile. Restricting allowed IPs for a profile ensures that sensitive profiles like
System Administrator have an extra level of protection.
To authorize Gearset for a profile, open the
Profiles section of the Salesforce Setup menu and then click the name of the profile you want to modify the allowed IPs for. This is most likely
Login IP Ranges and add a new entry for each of the four IPs above as both start IP and end IP.
Using Login History to diagnose issues
If you're still running into issues and aren't sure what is going wrong, then
Login History from the Salesforce Setup menu is a great way to diagnose failed requests.
In the screenshot, you can see an attempt failed due to the wrong password and you'll see a similar entry with
invalid_grant|ip_restricted if there is an issue with Gearset connecting to your org.