Skip to main content
Can Gearset connect to orgs with IP access restrictions?

How to add Gearset to Network Access and Login IP Range

Valerio Chang avatar
Written by Valerio Chang
Updated over a year ago

Yes. All Gearset requests originate from one of our static IP addresses. You will need to add logins from these IPs to the allowlist for Gearset to be able to deploy changes to them.

If your org or profile doesn't have the IPs allowlisted, you will see this access_denied error message:

or this message:

Adding Gearset's IPs to Salesforce Network Access

You can restrict access to your Salesforce org via the Network Access section within the Salesforce Setup menu.

For each of the four IPs listed above, select New and specify the IP address as both Start IP and End IP with Gearset as the description for easy identification later. 

Adding Gearset's IPs to your profile's Login IP Range

Another way to restrict access to certain IPs is to restrict the Login IP Range allowed for a given profile. Restricting allowed IPs for a profile ensures that sensitive profiles like System Administrator have an extra level of protection. 

To authorize Gearset for a profile, open the Profiles section of the Salesforce Setup menu, and then click the name of the profile you want to modify the allowed IPs for. This is most likely System Administrator.

Now select Login IP Ranges and add a new entry for each of the IPs (listed here) as both start IP and end IP.

Using Login History to diagnose issues

If you're still running into issues, and aren't sure what is going wrong, then Login History from the Salesforce Setup menu is a great way to diagnose failed requests.

In the screenshot, you can see an attempt failed due to the wrong password, and you'll see a similar entry with invalid_grant|ip_restricted if there is an issue with Gearset connecting to your org.

Still having trouble connecting your org to Gearset?

If after adding our static IP addresses to your "Trusted IP Ranges" list, you're still running into trouble, we recommend adjusting an additional setting within your org. Please follow these steps:

1) In your org, via setup, navigate to Connected Apps > Connected Apps OAuth Usage.

2) If the "Gearset Deploy" app is yet to be installed, click install.

3) Click Manage App policies, then Edit Policies.

4) You should then be able to adjust the IP Relaxation setting to Relax IP Restrictions:

5) Once that's saved, you should then be able to add the org connection accordingly.

Did this answer your question?