Yes. All Gearset requests originate from one of our static IP addresses. You will need to add logins from these IPs to the allowlist for Gearset to be able to deploy changes to them.

If your org or profile doesn't have the IPs allowlisted, you will see this access_denied error message

or this message

Adding Gearset's IPs to Salesforce Network Access

You can restrict access to your Salesforce org via the Network Access section within the Salesforce Setup menu.

For each of the four IPs listed above, select New and specify the IP address as both Start IP and End IP with Gearset as the description for easy identification later. 

Adding Gearset's IPs to your profile's Login IP Range

Another way to restrict access to certain IPs is to restrict the Login IP Range allowed for a given profile. Restricting allowed IPs for a profile ensures that sensitive profiles like System Administrator have an extra level of protection. 

To authorize Gearset for a profile, open the Profiles section of the Salesforce Setup menu and then click the name of the profile you want to modify the allowed IPs for. This is most likely System Administrator.

Now select Login IP Ranges and add a new entry for each of the IPs (listed here) as both start IP and end IP.

Using Login History to diagnose issues

If you're still running into issues and aren't sure what is going wrong, then Login History from the Salesforce Setup menu is a great way to diagnose failed requests.

In the screenshot, you can see an attempt failed due to the wrong password and you'll see a similar entry with invalid_grant|ip_restricted if there is an issue with Gearset connecting to your org.

Did this answer your question?