×

Secure Your HubSpot Login Access

/ CRM, Hubspot / By

How to Secure Your HubSpot Login with Trusted IP Addresses

Protecting user access in Hubspot is essential for admins who manage sensitive marketing, sales, and service data. One of the strongest protections you can enable is an IP access list, which restricts account logins to trusted locations only.

This guide explains how to configure IP restrictions, what each setting means, and how to manage exceptions so that your team stays secure without losing access when they need it most.

What IP Restrictions Do in HubSpot

IP restriction features let you decide which network locations are allowed to log in. When enabled, the system checks a sign-in attempt against your list of allowed addresses before credentials are even considered.

At a high level, this setting:

  • Prevents sign-ins from unknown networks
  • Helps block attackers even if they know a password
  • Centralizes access control for admins
  • Supports secure work-from-home and office policies

Before you turn the feature on, you should understand how public IPs work, and confirm which addresses your company uses for office connections and VPNs.

Requirements to Use HubSpot IP Access Lists

Only specific subscription tiers include the ability to limit logins by IP. Typically this is available on business-focused plans that include advanced security controls. Check your subscription settings and documentation in your account to confirm availability.

You also need to be a super admin or have equivalent permission to modify account security policies. If you do not see the option described below, your role may not have access to these settings.

How to Turn On HubSpot IP Restrictions

Once you have the right subscription and permissions, you can enable the IP access list in your security settings. The exact navigation may vary slightly based on interface updates, but the general process follows these steps:

Step 1: Open Your Security Settings in HubSpot

  1. Sign in to your account using an admin user.
  2. Go to your main settings area from the top navigation.
  3. Locate the section dedicated to account security or login policies.

Within this area, you will find a setting for IP access lists or limiting sign-in locations.

Step 2: Add Trusted IP Addresses

Before you enforce restrictions, you must add at least one trusted address. Collect the public IPs for your office, VPN, or other approved networks from your IT team or internet provider.

In the IP list section:

  1. Click the option to add a new IP or range.
  2. Enter the address in the required format (single IP or CIDR range).
  3. Optionally, add a label so you recognize the location later, such as “Main Office” or “Corporate VPN”.
  4. Save your changes.

Repeat these steps for every corporate location from which team members are allowed to access the account.

Step 3: Enable the HubSpot IP Access List Policy

After you add the allowed locations, you can activate enforcement so that the system starts checking logins against the list.

  1. Locate the toggle or control that turns on login restrictions.
  2. Review any warning or summary of the change so you understand the impact.
  3. Confirm activation.

From this point forward, new sign-ins must originate from one of your trusted addresses or they will be blocked.

Understanding How IP Limits Affect Users in HubSpot

When IP restrictions are active, the platform applies the rule to login attempts. Users outside your approved networks will not be able to sign in, even with the correct password or two-factor code.

Key behavior details include:

  • Existing sessions generally keep working until they expire or the user signs out.
  • New sessions from disallowed addresses are blocked immediately.
  • Access via supported mobile or desktop apps may still require an approved IP, depending on how your environment is configured.

Communicate the change in advance so your team knows they need to connect through approved office networks or VPNs before logging in.

Best Practices for Securing HubSpot with IP Lists

Configuring IP restrictions should be part of a broader security strategy. Consider these practices as you roll out the feature.

Combine IP Restrictions with Other HubSpot Security Tools

An IP access list is powerful, but it works best alongside other protections:

  • Enable two-factor authentication (2FA) for all users.
  • Use strong, unique passwords managed in a password manager.
  • Regularly review user roles and remove unused accounts.
  • Monitor sign-in logs for unusual activity.

Layered security helps reduce the risk of compromised credentials being used from an allowed location.

Plan for Remote and Traveling Users in HubSpot

Remote workers and traveling staff may need to access your account from many locations. To support them while staying secure, you can:

  • Require connection to a corporate VPN that uses a stable, known IP.
  • Provide clear instructions on how to connect to the VPN before signing in.
  • Consider temporary IP additions for critical trips, then remove them when no longer needed.

Always keep your list as narrow as practical to minimize risk.

Maintain and Audit Your IP Access List

Over time, office moves, ISP changes, and network upgrades can alter your public IP addresses. Regular list reviews help avoid lockouts and security gaps.

On a recurring schedule:

  • Confirm each IP entry is still valid and in use.
  • Remove locations that are no longer needed or have been decommissioned.
  • Test access from major corporate networks to verify everything works.

Document changes so future admins understand why each location is present.

Troubleshooting HubSpot Login Issues After Enabling IP Limits

If users report that they cannot sign in after you enable restrictions, work through a few quick checks.

Check the User’s Current IP Address

Ask the user to visit an IP lookup site or contact IT to confirm their public IP. Verify that this address is listed in your approved entries and that the format matches what the settings expect.

Confirm the User Is on an Approved Network

Sometimes users believe they are connected to a VPN or office network when they are not. Have them:

  • Reconnect to the corporate VPN and retry.
  • Disable personal VPNs or proxies that may route traffic through unapproved addresses.
  • Move off public Wi-Fi networks, such as coffee shops or airports.

Temporarily Adjust the HubSpot IP List If Needed

In emergency situations, you may briefly add a new IP to restore access. When you do this, set a reminder to reassess and remove that entry if it is no longer necessary.

Where to Learn More About HubSpot IP Security

For the most accurate and up-to-date technical steps, always refer directly to the official documentation. You can review the current instructions for limiting logins to trusted addresses here: official HubSpot IP restriction guide.

If you need broader help with CRM strategy, implementation, or optimization, you can also consult specialists who focus on digital operations. A good starting point is Consultevo, which provides advisory resources for organizations building scalable systems.

By carefully planning your trusted networks, configuring IP access lists, and maintaining them over time, you significantly strengthen the security posture of your account without sacrificing day-to-day productivity.

Need Help With Hubspot?

If you want expert help building, automating, or scaling your Hubspot , work with ConsultEvo, a team who has a decade of Hubspot experience.

Scale Hubspot

“`

Verified by MonsterInsights