Iconik Shield is an Iconik Enterprise security feature that puts administrators in control of access, visibility, and external sharing across their Iconik account. With Shield enabled, you can lock down who connects, monitor what happens, and govern how content is shared outside your organization.
Iconik Shield includes the following features:
- IP Allow List — Ensure only trusted networks can access your Iconik account
- Email Allow List — Ensure only approved email addresses and domains can authenticate when accessing shared content
- User Audit Log Streaming — Feed user activity to your SIEM in near real-time for faster threat detection and incident response
Iconik Shield can be turned on/off and administered through the Iconik Admin interface by Enterprise users.
IP Allowlist
When the IP Allowlist is enabled, it allows users to access Iconik only from a list of IP addresses or CIDR prefixes. The filtering can be applied to an individual user, Groups (legacy), Teams, or your Iconik account globally. This allows for the following scenarios:
- Limit which IP addresses users can access Iconik from.
- Restrict users in a Group (legacy) or Team so they can only access from a specific network.
- Restrict your Iconik account to only certain IP addresses, such as your company firewall or gateway.
- Restrict individual users to only access through your company network to lock down high-privileged accounts.
The Allowlist works both with the GUI frontend and for access using the API.
To administrate the IP Allowlist, use the Iconik Admin interface.
Email Allow List
Magic Links Email Allowlisting allows administrators to specify which email addresses or domains are permitted to authenticate via magic links when accessing shared content. This controls external access to shares by ensuring only recipients from approved addresses or domains can verify their identity.
This works for both viewing and uploading to shares.
User Audit Log Streaming
Log streaming allows you to consume Iconik’s audit log as a stream via a cloud-based message bus so that you can forward it on to your own security information and event management (SIEM) system.
You can set up multiple recipients, and we currently support the following message buses:
- Amazon AWS SQS
- Google Cloud Pub/Sub
The user audit log streaming provides the following benefits:
- Logs are fed in near real-time, so you can react to threats in a timely manner
- Admins can monitor and review a log of all user actions within their Iconik system
- The added ability to stream and back up the audit log into your own infrastructure
An audit log message is delivered to the message queue as JSON data. Below is an example of a user accessing an asset.
{
"app_id": "c35732ce-9a25-11f0-9866-f2611b6fc1c9",
"client_ip": "172.16.2.3",
"date": "2025-09-25",
"id": "888566ac-9a25-11f0-b180-ae753f5a5fbc",
"is_acting_as_user": false,
"metadata": null,
"operation_result": 200,
"operation_type": "POST",
"original_user_id": null,
"payload": null,
"request_id": "91d0906b2150334daa293d3d5a6bd130",
"resource": "/assets/v1/assets/e89a0e32-c0ef-11ee-8b86-9a50ccb6beba/",
"share_id": null,
"share_user_id": null,
"sudo": false,
"system_domain_id": "d680f95c-9a25-11f0-b569-f2611b6fc1c9",
"system_name": "iconik-us",
"time": "2025-09-25T15:37:24.342443Z",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36",
"user_id": "01b94f5c-9a26-11f0-b569-f2611b6fc1c9"
}
Iconik Shield is administrated through the Iconik Admin interface. It is available to Enterprise customers only.