How to restrict access to your Kommo account with an IP whitelist

For extra security, Kommo lets you restrict account access by creating a whitelist of trusted IP addresses. That means only approved users from specific locations will be able to access your Kommo account.

In this article, you’ll learn:

What is an IP whitelist?

An IP whitelist is a security feature that allows you to restrict access to your Kommo account based on trusted IP addresses. By setting up an IP whitelist, you can ensure that only users from approved locations can log in to your account. This helps to protect your CRM data by preventing unauthorized access, even if someone outside of your trusted network tries to gain access to your account.

IP whitelisting limitations

  • Mobile app: If you enable the “Block untrusted API requests” option, the Kommo mobile app will no longer work. This is because your mobile device typically uses dynamic IP addresses that change frequently, they won’t match the fixed IPs in the whitelist, blocking access to the Kommo mobile app, which relies on API access to function.
  • VPN usage: If you use a VPN, setting up an IP whitelist may block you from accessing your Kommo account. This is because your VPN’s IP address won’t match the approved addresses in your whitelist.

How to set up an IP address whitelist in Kommo

To set up a whitelist of IP addresses, follow these steps:

  1. Go to Settings > Users > click the three dots (ellipsis) > select Whitelist of IP addresses.

  1. Turn the toggle on for the Whitelist of IP addresses button.

  1. Enter the trusted IP addresses in the box. Don’t forget to add your current IP address to avoid getting locked out. If you want to block untrusted API requests, check the API requests box. Click Save to apply changes.

Note: Blocking API requests will disable the Kommo mobile app since the IP address from the mobile device will change frequently and it won’t match the approved IPs in your whitelist.

How to view the IP address logged into your account

You can see the list of IP addresses and devices that have logged into your account in the profile settings. Please note that this list displays the IPs for the entire account, not just individual user sessions. Here’s how to do it:

  1. Click on your profile picture (top left) > Select Profile.

  1. Scroll down to the Sessions section to see the list of IP addresses, the devices used, the last login time, and their regions. To remove a device's access to your account, click Logout next to it.

Note: Sessions will expire and automatically log out of a device after 3 months of inactivity, but this period might be shorter if you have two-factor authentication (2FA) activated. Check out our article on setting up 2FA for more details.

If you notice an unfamiliar device has logged in, we recommend changing your password. Once you do, you will be automatically signed out of all devices, websites, and apps where you are currently logged in with that password.

If you need more help with setup or troubleshooting, feel free to reach out to our support chat or contact us via WhatsApp. You can also hire a Kommo partner to do all the hard work for you.

Not a user yet? Sign up for our 14-day free trial or book a free live demo.

Try Kommo free

Discover how Kommo can transform your client management now