Yes. All Gearset requests originate from one of our static IP addresses. You will need to add logins from these IPs to the allowlist for Gearset to be able to deploy changes to them.
If your org or profile doesn't have the IPs allowlisted, you will see this access_denied
error message:
or this message:
Adding Gearset's IPs to Salesforce Network Access
You can restrict access to your Salesforce org via the Network Access
section within the Salesforce Setup menu.
For each of the four IPs listed above, select New
and specify the IP address as both Start IP
and End IP
with Gearset
as the description for easy identification later.
Adding Gearset's IPs to your profile's Login IP Range
Another way to restrict access to certain IPs is to restrict the Login IP Range
allowed for a given profile. Restricting allowed IPs for a profile ensures that sensitive profiles like System Administrator
have an extra level of protection.
To authorize Gearset for a profile, open the Profiles
section of the Salesforce Setup menu, and then click the name of the profile you want to modify the allowed IPs for. This is most likely System Administrator
.
Now select Login IP Ranges
and add a new entry for each of the IPs (listed here) as both start IP and end IP.
Using Login History to diagnose issues
If you're still running into issues, and aren't sure what is going wrong, then Login History
from the Salesforce Setup menu is a great way to diagnose failed requests.
In the screenshot, you can see an attempt failed due to the wrong password, and you'll see a similar entry with invalid_grant|ip_restricted
if there is an issue with Gearset connecting to your org.
Still having trouble connecting your org to Gearset?
If after adding our static IP addresses to your "Trusted IP Ranges" list, you're still running into trouble, we recommend adjusting an additional setting within your org. Please follow these steps:
1) In your org, via setup, navigate to Connected Apps
> Connected Apps OAuth Usage
.
2) If the "Gearset Deploy" app is yet to be installed, click install
.
3) Click Manage App policies
, then Edit Policies
.
4) You should then be able to adjust the IP Relaxation setting to Relax IP Restrictions
:
5) Once that's saved, you should then be able to add the org connection accordingly.