Tenant-level restrictions allow an organization to restrict access only to specific monday.com accounts from their network. Using this feature, network administrators can specify which monday.com accounts can be accessed through that network, and any attempts to access other accounts while on that network will be blocked.
Tenant-level restrictions can work as a complementary feature to an account's IP restrictions. For example, with IP restrictions, the admins of a monday.com account can restrict access to specific IP ranges. Then, through tenant-level restrictions, network administrators belonging to that organization can ensure that no other monday.com account will be accessed from that IP range, thus guaranteeing that sensitive information can only be accessed in one way and cannot be easily moved to other monday.com accounts.
What restrictions are applied with this?
When tenant-level restrictions are set up for an organization, all attempts to access an account which isn't in the allowed accounts list would fail. This applies both to regular requests, page loads, API requests (only those made from the relevant network), SCIM requests, and others.
Applying tenant-level restrictions would also limit attempts to access or submit forms to those that belong to allowed accounts; any attempts to submit a form from a different account would fail.
How to apply it to your network
Tenant-level restrictions are applied for an organization by injecting an "x-monday-allowed-accounts" HTTP header for all requests that are sent from that organization's network. This can be done either via an on-premises SSL proxy through which all network requests pass, or through a cloud-based one.
The header's expected value is a comma-delimited list of allowed account IDs. For example, if a network administrator wants to only allow access to accounts 4, 8, 15, 16, 23 and 42, they would send:
If that header is sent, all attempts to access accounts whose IDs are not 4, 8, 15, 16, 23 or 42 - and/or monday forms not coming from one of these accounts - would fail.
In case the organization only has a single account, it's possible to only send its ID, of course:
When tenant-level restrictions are applied and they prevent a user from accessing an account, the following screen is shown:
Tenant-level restrictions rely on the incoming request arriving from the organization's network or controlled location. As a result, features which operate through third-party services - such as webhooks from our Slack and GitHub integrations, the "Email to Board" functionalities, etc. - would still be able to be sent to accounts which are not permitted in the tenant-level restrictions configuration.
If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.