Add a trusted IP range so users on that network skip identity verification at login. You need the Manage IP Addresses permission, usually held by a System Administrator.
- Open Network Access
From Setup, type Network Access in the Quick Find box and select Network Access under the IP and Domain Access area.
- Start a new range
Click New. You will enter the first and last address of the range you want to trust.
- Enter the start and end IP
Type the Start IP Address and End IP Address. For a single host, use the same value in both fields. The range must stay within the Winter 26 size limits.
- Describe and save
Add a short description naming the network, such as the office or VPN it belongs to, then click Save. The IPs are trusted immediately.
- Verify with a real login
Have someone on that network log in and confirm they are not prompted for identity verification. Check Login History to see the source IP recorded.
The first address in the trusted range. Use a stable public IP your users actually log in from.
The last address in the range. Set it equal to the start for a single trusted host.
A free-text label. Name the network and owner so future audits can tell why the range exists.
- Network Access never blocks anyone. Outside-range users can still log in after passing identity verification, so do not use it as an access restriction.
- As of Winter 26 a single IPv4 range is capped at 33,554,432 addresses and the org total at 16,777,216. Oversized ranges are rejected on save.
- MFA still applies from trusted IPs. Trusted ranges remove identity verification, not the MFA step, so users in MFA-enforced orgs are still prompted.
- Do not confuse this with profile Login IP Range. That setting denies login outside its range. Network Access only relaxes verification.