Yes. All Gearset requests originate from one of four IP addresses;,,, or You will need to whitelist logins from these IPs for Gearset to be able to deploy changes to them.

If your org or profile doesn't have the IPs whitelisted, you will see this access_denied error message.

Adding Gearset's IP to Salesforce Network Access

You can restrict access to your Salesforce org via the Network Access  section within the Salesforce Setup menu.

For each of the four IPs listed above, select New  and specify the IP address as both Start IP  and End IP  with Gearset  as the description for easy identification later. 

Adding Gearset's IP to your profile's Login IP Range

Another way to restrict access to certain IPs is to restrict the Login IP Range  allowed for a given profile. Restricting allowed IPs for a profile ensures that sensitive profiles like System Administrator  have an extra level of protection. 

To authorise Gearset for a profile, open the Profiles  section of the Salesforce Setup menu and then click the name of the profile you want to modify the allowed IPs for. This is most likely System Administrator 

Now select Login IP Ranges  and add a new entry for each of the four IPs above as both start IP and end IP.

Using Login History to diagnose issues

If you're still running into issues and aren't sure what is going wrong then Login History from the Salesforce Setup menu is a great way to diagnose failed requests.

In the screenshot, you can see an attempt failed due to the wrong password and you'll see a similar entry with invalid_grant|ip_restricted if there is an issue with Gearset connecting to your org.

Did this answer your question?