Frequently Asked Questions
On this page you can find a list of frequently asked questions about the CyberDrain Improved Partner Portal (CIPP). If you're having specific issues with CIPP please also check the Troubleshooting page.
How much does CIPP cost to run?
Assuming you're running on the click-to-deploy configuration and average usage patterns it should cost $15 - $20 or £17 - £22 per month. You can check the costs, and estimated costs, for the resource group on the Azure Portal.
Please note it is your responsibility to ensure you are keeping an eye on costs within your instances.
Can I use IP whitelisting?
Yes. CIPP can use IP whitelisting. This feature is in preview at Azure and might break at any moment. Deploying this is down at your own risk. For the latest documentation on how to perform this check here
Can I add Conditional Access to my CIPP App?
To add Conditional Access to CIPP, follow the below steps:
Go to your Conditional Access Policies
Select which users to apply the policy to, default suggestion is "All Users"
Select Azure Static Web Apps as the included app under "Cloud Apps or actions"
Configure any condition you want. For example Trusted Locations, specific IPs, specific platforms.
At Access Controls you must enable Grant, with MFA access.
Select Save
Your app is now protected with Conditional Access.
I'm getting an error that "you must use multi-factor authentication to access" what's going on?
Typically this error means you're using tokens that don't have a "strong auth claim" or similar. This could be because you're using non-Azure AD MFA or you didn't complete MFA when creating your tokens for one or more of the authentication steps. Make sure you're using a supported MFA method and that you've completed the MFA steps when creating your tokens.
Check the MFA Troubleshooting section in the Troubleshooting page for more information.
My usernames or sites are GUIDs or blank?
Please see the standard "Enable Usernames instead of pseudo anonymised names in reports" here
Why can't I install CIPP using the "Deploy to Azure" button?
If you're experiencing issues with installation please report these in #cipp-issues on the CIPP Discord
Why can't I get details for a particular tenant / any tenants?
You have a guest account in a tenant that has the same User Principal Name (UPN) as you used to generate your tokens.
Conditional access is blocking the correct functioning of the tokens - check your CA policies and also make sure you're not geo-blocking the function app's location.
You can't use third party MFA on the account used to generate Secure Application Model (SAM) tokens.
If your entire tenant list doesn't load, there is a big chance there is something wrong with your token configuration. Check the troubleshooting page for more information. If you are missing your own tenant, make sure you enable the flag to manage this tenant.
Can I lock down my instance of CIPP further by using Private Networks?
To protect CIPP as a private resource, that's only reachable over a Virtual Private Network (VPN) or IP allowlisting you can use Private Endpoint Connections.
To enable Private Endpoints you must already have an Azure VNet available, and understand how VNets work.
Go to CIPP
Go to Settings
Select Backend
Select Go to role management
Select Private Endpoints
Select Add
Setup your VNet information
CIPP is now no longer available publicly over the internet.
My tenant requires admin approval for user apps, how do I do this for CIPP?
If your Azure Tenant requires admin approval for user apps, add consent by following the below steps:
Find Azure Static Websites
Grant Admin Consent for all
This permits users the ability to grant consent when access CIPP now.
Can I replace the default branding with my own in CIPP?
No, CIPP's branding is compiled into the code. Additionally the branding isn't just a decorative feature, it plays a role in helping maintain visibility and community growth. However, a custom logo can be added to reports. This can be done in the User Settings page.
Last updated