Restrict access to bit bucket repo only via company laptops

Sreerag Nandan
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
October 12, 2023

Hi,

I am trying to restrict bitbucket repository access(push, pull, clone, download) only through the company systems(laptops).

I know Bitbucket can provide restricted access using IP addresses.
But what should we do when the IP address can change,
Does Bitbucket provide any facility to restrict access by comparing some physical 
addresses such as Mac addresses?

If so can anyone provide a link to the documentation?

2 answers

1 vote
Riley Venable
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 12, 2023

Bitbucket does not currently support restricting access based on MAC addresses. Bitbucket's access control mechanisms are based on IP addresses, user permissions, and two-step verification. If the IP address can change, you could consider using a range of IP addresses instead of a single one. However, keep in mind that this could potentially allow access from unwanted IP addresses within that range.

IP Allowlisting: An IP allowlist allows you to restrict access to the mirror to just some incoming IP addresses. You set the IP allowlist on your external-facing firewall. The mirror needs outbound access to the Bitbucket inbound address and inbound access from the Bitbucket outbound addresses. See Bitbucket Cloud IP addresses for the list of IP addresses that Bitbucket uses https://support.atlassian.com/bitbucket-cloud/docs/work-with-bitbucket-smart-mirroring/.

Access Control: You can require that users with access to private repositories or other private content are only able to see the content from certain IP addresses. If they aren't accessing from allowlisted IP addresses, users will see a message explaining why they have no access. You can add IP addresses or network blocks for a set of IP addresses to an allowlist https://support.atlassian.com/bitbucket-cloud/docs/control-access-to-private-content-in-a-workspace/.

For more detailed information, please refer to the Bitbucket Support Documentation.

Let me know if I can assist you further!

0 votes
Saxea _Flowie_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 12, 2023

Another idea is to have a jump box which has a fixed IP, a VPN or a ZTNA solution which provide more control over access.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events