[FEATURE] IP-based access restriction for Claude Pro/Max accounts (Enterprise Security)
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Feature Request
Problem
Organizations subject to ISO 27001 / SOC2 compliance need to restrict
Claude account access to specific IP addresses or IP ranges. Currently,
a Claude Pro/Max account can be used from any location/device once
credentials are known. There is no way to enforce "this account can only
be used from approved corporate networks."
Proposed Solution
Proposed Solution
Add an IP allowlist feature at the account or organization level:
- Admin can define allowed IP addresses and CIDR ranges
- Login/API access is denied from non-whitelisted IPs
- Denied access attempts are logged for audit purposes
Alternative Solutions
Alternatives Considered
- Firewall rules blocking api.anthropic.com - works but is a blunt
instrument (blocks ALL accounts, not per-account control)
- Claude Code hooks with IP check scripts - client-side only,
can be bypassed
- Proxy gateway - adds complexity and latency
None of these provide the granularity of account-level IP restriction.
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
Use Case
- We have 5-20 developers using Claude Code with Pro/Max subscriptions
- Our security policy requires that AI tools are only accessible from
approved corporate IP addresses
- We need to prevent account usage from unauthorized locations
(home networks, public WiFi, etc.) even if the user has valid credentials
- This is a hard compliance requirement for ISO 27001 certification
Additional Context
Additional Context
This is a common enterprise security feature offered by most SaaS
providers (GitHub, Azure AD, Google Workspace, AWS IAM, etc.).
Adding IP-based access control would significantly improve Claude's
enterprise readiness for regulated industries.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗