Overview

If you see an access block that says “IP address not being allowed” when loading your Khoros Care URL, your Care instance likely has IP allow listing enabled and your current public/outbound (egress) IP address is not on the allow list.

In some environments, the failed access attempt can also trigger a browser prompt titled “ThreatPulse Proxy Credentials”. (This prompt is typically presented by an enterprise web proxy on your network path, not by Khoros Care itself.)

Because allow list changes are managed by Khoros, you’ll need to collect the correct egress IP information and send it to Support so it can be added.

<supportagent>

Agent note: Customer-visible messaging may include “IP address not being allowed” and/or “ThreatPulse Proxy Credentials”. In Care, IP allowlisting is a Support-managed configuration; customers typically cannot self-serve.

Quick checks / actions

• If a customer reports it “worked for some users but not others,” suspect multiple proxy/VPN egress IPs and ask for all egress IPs (or CIDR ranges).
• When the customer provides a single IP, you can treat it as a /32 CIDR (example: 203.0.113.10/32).
• Document before/after entries and keep a screenshot for traceability.
• If you have Care admin access, update entries in Admin > Configuration Dashboard > IP Whitelist.

</supportagent>

Solution

Symptoms

• You cannot reach your Khoros Care login page, and you see “IP address not being allowed”.
• You may also see a browser prompt titled “ThreatPulse Proxy Credentials”.

1) Confirm you are testing from the affected network path

• Test from the same location/network where the issue happens (for example: corporate office network, corporate VPN, or the specific proxy/gateway).
• If possible, compare with a different network (for example: home internet or mobile hotspot). If it works there but not on the corporate network, that strongly suggests an IP allow list or network-proxy restriction.

2) Identify your public egress IP address(es)

• From the affected network path, ask your network/security team for the public egress IP address(es) (or CIDR ranges) that your users will be coming from.
• If your organization uses multiple proxy nodes, multiple office locations, or multiple VPN gateways, collect all possible egress IPs/ranges. Missing an egress IP is a common reason the issue appears to “come back” for a subset of users.

Example formats to provide

• Single IP: 203.0.113.10
• CIDR range: 203.0.113.0/24

3) Contact Khoros Support to update the allow list (open a Support ticket)

Send Support the information below so the allow list can be updated:

• Your Care instance URL (example format): https://<your_instance>.response.lithium.com/account/login
• The exact public egress IP(s) and/or CIDR ranges to add
• The date/time (with timezone) of a recent failed attempt
• A screenshot of the block page and/or the “ThreatPulse Proxy Credentials” prompt (if available)

4) Validate

• After Support confirms the allow list has been updated, retry from the same affected network path.
• Expected outcome: the Care login page loads normally and you can proceed to sign in.

If it still fails

• Re-check that you are still using the same network path (VPN/proxy on/off changes the egress IP).
• Re-check whether users are egressing from additional IPs (for example, a different proxy node or office site).

References

1. Securing your Khoros Care environment
2. Configure your firewall to work with Khoros Care
3. Care static IP addresses