casdoor
diff --git a/‎docs/ip-whitelist/ip-whitelist.md
+40 b/‎docs/ip-whitelist/ip-whitelist.md
+40
diff --git a/‎sidebars.js
+8 b/‎sidebars.js
+8
diff --git a/‎static/img/ip-whitelist/app_ip_whitelist.png
4.5 KB b/‎static/img/ip-whitelist/app_ip_whitelist.png
4.5 KB
diff --git a/‎static/img/ip-whitelist/ip_whitelist.mp4
62.1 MB b/‎static/img/ip-whitelist/ip_whitelist.mp4
62.1 MB
diff --git a/‎static/img/ip-whitelist/org_ip_whitelist.png
4.76 KB b/‎static/img/ip-whitelist/org_ip_whitelist.png
4.76 KB
diff --git a/‎static/img/ip-whitelist/user_ip_whitelist.png
5.58 KB b/‎static/img/ip-whitelist/user_ip_whitelist.png
5.58 KB
@@ -0,0 +1,40 @@
+---
+title: Overview
+description: Support IP limitation for user entry pages.
+keywords: [ip, whitelist, ip whitelist]
+authors: [ZhaoYP-2001]
+---
+
+Casdoor supports the ip whitelist function of the entry page. When a user accesses the entry page (login/signup/forget-password), Casdoor will decide whether to allow the user to access the entry page based on whether the client IP is in the whitelist. Here, we will show you how to enable the option to specify the ip whitelist function of the entry page at the organization, application and user levels.
+
+## Configuration
+
+### User Level
+
+Casdoor will first determine whether the client address meets the user-level ip whitelist requirements. 
+
+If you want to specify user-level ip whitelist, you first need to add the "IP whitelist" account item on the edit page of the organization to which the user belongs. Then specify your ip whitelist by filling in the comma separated CIDR list, such as 192.168.1.0/24,25.112.0.0/16. If the ip whitelist is empty, it means there is no restriction on the client IP address.
+
+![user_ip_whitelist](/img/ip-whitelist/user_ip_whitelist.png)
+
+:::info
+
+If you forget how to customize users' **account items**, Please refer to the **[Account Customization](organization/accountCustomization.md)**
+
+:::
+
+### Application Level
+
+If the client IP address passes the organization-level check, Casdoor will proceed to perform application-level check. You can specify the ip whitelist through the `IP whitelist` configuration option on the application edit page.
+
+![app_ip_whitelist](/img/ip-whitelist/app_ip_whitelist.png)
+
+### Organization Level
+
+Organization-level check will be performed last. You can use the `IP whitelist` configuration option to specify organization-level ip whitelist.
+
+![org_ip_whitelist](/img/ip-whitelist/org_ip_whitelist.png)
+
+Here is a demo video that shows how to use ip whitelist:
+
+<video src="/img/ip-whitelist/ip_whitelist.mp4" controls="controls" width="100%"></video>
@@ -343,6 +343,14 @@ module.exports = {
         "invitation/overview",
       ],
     },
+    {
+      type: "category",
+      label: "IP Whitelist",
+      link: {type: "generated-index"},
+      items: [
+        "ip-whitelist/ip-whitelist",
+      ],
+    },
     {
       type: "category",
       label: "Syncer",