Hi,
I am trying to restrict bitbucket repository access(push, pull, clone, download) only through the company systems(laptops).
I know Bitbucket can provide restricted access using IP addresses.
But what should we do when the IP address can change,
Does Bitbucket provide any facility to restrict access by comparing some physical
addresses such as Mac addresses?
If so can anyone provide a link to the documentation?
Bitbucket does not currently support restricting access based on MAC addresses. Bitbucket's access control mechanisms are based on IP addresses, user permissions, and two-step verification. If the IP address can change, you could consider using a range of IP addresses instead of a single one. However, keep in mind that this could potentially allow access from unwanted IP addresses within that range.
IP Allowlisting: An IP allowlist allows you to restrict access to the mirror to just some incoming IP addresses. You set the IP allowlist on your external-facing firewall. The mirror needs outbound access to the Bitbucket inbound address and inbound access from the Bitbucket outbound addresses. See Bitbucket Cloud IP addresses for the list of IP addresses that Bitbucket uses https://support.atlassian.com/bitbucket-cloud/docs/work-with-bitbucket-smart-mirroring/.
Access Control: You can require that users with access to private repositories or other private content are only able to see the content from certain IP addresses. If they aren't accessing from allowlisted IP addresses, users will see a message explaining why they have no access. You can add IP addresses or network blocks for a set of IP addresses to an allowlist https://support.atlassian.com/bitbucket-cloud/docs/control-access-to-private-content-in-a-workspace/.
For more detailed information, please refer to the Bitbucket Support Documentation.
Let me know if I can assist you further!
Another idea is to have a jump box which has a fixed IP, a VPN or a ZTNA solution which provide more control over access.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.