An exciting new security feature coming August 13th, 2025
Shepherd offers enhanced login security by allowing clinics to restrict access based on IP addresses. When enabled, only users connecting from approved IP addresses can log in. Clinic managers can configure this setting, receive alerts for unauthorized attempts, and view detailed logs of blocked access.
These restrictions currently apply to clinic login users only. IP-based restrictions for Group Platform logins are coming soon.
Before You Start
Static IP address required: This feature should only be configured if you are using a static IP address. Enabling it with a dynamic IP may result in being locked out of your account.
Confirm your IP type with your network administrator or ISP before proceeding.
Remote Access users are not affected and can continue to log in remotely.
IP restrictions should only be configured if you are using a static IP address.
Who Can Enable IP Address Restrictions
Only users with the User Setting permission can configure IP restrictions. This permission is granted by default to Admin and Practice Owner roles.
How to Enable Clinic Login IP Address Restrictions
Navigate to Admin → Users → Settings
Toggle on Enable Clinic Login IP Address Restrictions and select Save
Select IP Restrictions → General
Select Test My IP to view your current IP address.
Add your current IP address to prevent being locked out and select Save
Allowed IP Addresses
Once enabled, only IP addresses saved within Shepherd will be permitted to login. Users accessing from non-approved IP addresses will be denied access. If you don't know your IP address, select Test My IP. If you want to add this IP to the Allowed IP Address list, select Yes, add this IP and then Confirm.
Only IPv4 addresses are supported.
Unauthorized Access Attempts
Unauthorized Access Attempt Alerts (Optional)
To receive alerts when unauthorized login attempts occur:
Navigate to Admin → Users → IP Restrictions → Unauthorized Login Attempts.
Under Send Unauthorized Access Attempt Alerts, enter one or more email addresses.
All recipients will be notified when a blocked attempt is detected.
Viewing Unauthorized Login Attempts
Unauthorized logins are logged automatically.
Logs include the timestamp and blocked IP address.
You can access this under Admin → Users → IP Restrictions → Unauthorized Login Attempts.