Mattermost v9.4

Mattermost v9.4: IP filtering, bring your own key & cloud-native compliance exports in Mattermost Cloud Enterprise

Mattermost v9.4 includes several new features designed to significantly enhance digital security and compliance, including the introduction of IP filtering, bring your own key (BYOK) for data control, and cloud-native compliance export. 

IP filtering tightens access control, BYOK offers greater data protection through personalized encryption, and streamlined compliance reporting ensures adherence to regulatory standards. 

These features collectively boost operational efficiency, provide robust security, and ensure regulatory compliance, empowering Mattermost customers to operate with confidence and peace of mind in secure digital environments.

IP filtering: Enhanced control and security

One of the additions in this release is the introduction of IP filtering for Mattermost Cloud Enterprise. This feature is particularly beneficial for organizations transitioning from an on-premises setup where access control is typically managed through VPNs and network traffic management systems.

Key benefits

  • Access control. With the new IP filtering feature, Cloud administrators can now define specific IP addresses and ranges. This means you can create a whitelist of locations from which Mattermost can be accessed, such as your head office, branch offices, or VPN gateways.
  • Enhanced security. Any access attempt from locations not on the IP filter list will be automatically rejected, adding an extra layer of security to your communications.

Bring your own key (BYOK): Data control

When running Mattermost on-premises, customers have full control over their data and can set their own encryption keys. In parallel, they can rotate, revoke, and monitor how their encryption keys are being accessed to encrypt and decrypt messages and files in Mattermost. 

With Mattermost v9.4, Mattermost Cloud Dedicated will support BYOK with Amazon’s Key Management Service (KMS). 

Key benefits

  • Complete control over encryption keys. You can use your own encryption keys, giving you full control over your data stored in Mattermost.
  • Monitoring and revocation capabilities. Administrators will have the capability to monitor how encryption keys and data are accessed and can revoke access in a detailed and controlled manner.
  • Compliance and security. BYOK ensures that you meet high compliance requirements and maintain complete control over your data.

If you’re part of a large enterprise with compliance requirements or working in a highly regulated industry, using Mattermost Cloud Dedicated with BYOK ensures full data control.

Cloud-native compliance export

The new cloud-native compliance export feature in Mattermost v9.4 simplifies the integration of compliance exports into your existing systems.

Key benefits

  • S3 bucket storage. You can now store compliance exports directly to your own S3 bucket. 
  • Seamless integration. This allows for easier integration with eDiscovery and data loss prevention (DLP) software, streamlining your data management processes.

Connect with Mattermost 

To learn more about how these new features can benefit your organization or to discuss your specific needs, please don’t hesitate to reach out.


How do I set up IP filtering on Mattermost Cloud?  

IP filtering can be configured by System Administrators through the System Console of your Cloud workspace. For more in-depth information on the configuration, read our documentation.

How do I completely reset IP filtering?  

If you find the need to completely remove any set IP filters from your Cloud workspace, your workspace owner can navigate to the Mattermost Customer Portal where they’ll see a menu option for “IP Filtering.” Clicking that menu option should reveal a button to disable all IP filters from your workspace.

Can I set multiple IP ranges for access?

Yes, absolutely. Our IP filtering feature enables the creation of multiple CIDR-based IP ranges, providing flexibility for system administrators to include various authorized IPs or IP ranges for seamless access control.

What happens if someone tries to access our workspace from an unauthorized IP?

Users attempting to access the workspace from IPs outside the defined ranges will be restricted from entry. They will be redirected to a screen telling them their access has been denied.

I am an existing Mattermost Cloud Dedicated customer, can I adopt BYOK?

BYOK is available to all of our Mattermost Cloud Dedicated customers. Please reach out to your Technical Account Manager to initiate the process. 

How can I enable this feature for my Mattermost Cloud Dedicated workspace if I am a new customer?

Before you create a Mattermost workspace during the onboarding stage, you need to request for BYOK. That way, we can create your Mattermost workspace and data storage with your own encryption key. For more in-depth information on the configuration, read our documentation.

If I am not using AWS, is BYOK still supported?

Yes. You can bring your own encryption key and we will store it in our AWS KMS and AWS account. If you choose this option, you won’t be able to monitor your encryption keys’ lifecycle and operations directly.

Spiros Economakis is Director of Product Operations at Mattermost, Inc.