Restrict access to subgroup by IP address
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Proposal
Similar to the feature introduced in #1985 (closed), a user has asked that we enable IP restrictions on subgroups as well as groups.
From their zendesk ticket (internal):
At the moment we use SSO enforcement on our group which means we can't have external collaborators or open source any of our 11k repos due to the ultimate license being applied to the top level group rather the the user.
We've been trialing the "transparent SSO enforcement" option with @hsutor and @dblessing which would allow for external collaborators whilst still enforcing SSO for our own staff. That however introduces a new risk, as we'll need to enable the visibility level of Public on our parent group, meaning people could (intentionally or otherwise) make things public that shouldn't be.
A mitigation for this would be to enforce IP restrictions to our range for all subgroups and only remove them on those that should be public. That way even if someone did make something public they shouldn't access they would still be denied.