Skip to main content
Dashboard access policies require an Enterprise plan.
Control how organization members access the Mintlify dashboard: restrict access to trusted IP addresses and set how long dashboard sessions stay valid. Manage both policies on the Policies tab of the Identity & access page in your dashboard.

IP allowlist

Use an IP allowlist to restrict dashboard and editor access to trusted IP addresses and CIDR ranges. When you enable the allowlist, organization members can only sign in and use the dashboard and web editor from an allowed IP address. The IP allowlist applies to your Mintlify dashboard and editor, including SSO and break-glass sign-ins. It does not affect your published documentation site. API requests use separate IP controls. When a member tries to sign in or use the dashboard from a blocked IP address, Mintlify rejects the request and shows a message explaining that their address is not on the allowlist. Members can contact an admin to have their address added. You can allow access two ways:
  • Individual IP address: Allow a single address, such as 203.0.113.7.
  • CIDR range: Allow a block of addresses, such as 10.0.0.0/8. Use CIDR notation to grant access to an entire office or VPN network without listing each address individually.

Configure the IP allowlist

Add your current IP address to the allowlist before enabling it. If your address is not on the list, you can lock yourself out of the dashboard. The Policies tab displays your current IP address to help you avoid this.
  1. In your Mintlify dashboard, navigate to the Identity & access page.
  2. On the Policies tab, under Allowed IP addresses, enter an individual IP address (for example, 203.0.113.7) or a CIDR range (for example, 10.0.0.0/8).
  3. Click Add.
  4. Repeat for each address or range you want to allow.
  5. Enable the allowlist to begin enforcing it.

Session lifetimes

Control how long dashboard sessions stay valid before members must sign in again. You can set two independent limits:
  • Maximum session lifetime: Members must sign in again once a session reaches this age, regardless of activity. When off, sessions have no maximum age.
  • Idle session timeout: Members are signed out after this period of inactivity. When off, sessions time out after 14 days of inactivity.
Both limits accept values from 5 minutes to 14 days.

Configure session lifetimes

  1. In your Mintlify dashboard, navigate to the Identity & access page.
  2. On the Policies tab, under Session lifetimes, toggle on Maximum session lifetime or Idle session timeout.
  3. Set a duration for each limit that you enable.
  4. Click Save.
Lowering the maximum session lifetime applies to active sessions immediately: any session older than the new limit ends the next time it makes a request. Changes to the idle session timeout take effect as active sessions refresh.