Genesys Cloud FedRAMP Region – Restrict OAuth client credentials grants to allowed IP addresses
| Announced on (YYYY-MM-DD) | Effective date (YYYY-MM-DD) | Aha! idea |
|---|---|---|
| 2026-04-06 | - | - |
In a future release, administrators can restrict OAuth clients that use the Client Credentials grant type to specific allowed IP addresses or CIDR ranges. With this update, administrators can limit where those requests originate, which adds a clear security control for application-based access.
What’s new
Administrators can optionally configure allowed IP addresses for OAuth clients that use the Client Credentials grant type.
What this changes
At this time, no changes are required for new or existing OAuth clients that use the Client Credentials grant type, whether created through the admin console or APIs. However, Genesys strongly recommends configuring an allowed IP range for these clients and updating any tooling used to create them accordingly. In a future release, specifying an allowed IP range is expected to become a requirement.
Why this matters
This feature reduces the risk of unauthorized access when client credentials are leaked and helps ensure that only requests from trusted networks can use the client credentials grant.
[NEXT] Was this article helpful?
Get user feedback about articles.