Hi, I have set up Zero trust and I want to restrict access to one of the exposed services.
I have added my public IP in the Include rule, but when I open the website it asks me email.
Is it possible to make it just to look for IP and not asks for code also?
You should make a bypass rule for the IP address
Thanks for the reply, and how I do I block the rest?
The other access rule will make sure that requests have to go through the email login flow and you can just set that up so no one is allowed.
Your best option would be to use a Service Auth rule action. That will check the IP address but will not render a login screen prompt. You can keep a second policy with an action set to “allow” this will prompt all other users to login to the application.