Customer who is using Tanzu SaaS services (like "Tanzu mission control" or "Tanzu application catalog" etc) and they don't want to give access of those SaaS service from all devices/destinations. Adding to it, they only want their employee to use Tanzu SaaS service from organisation managed devices or through their network. 

In that case we can restrict the access to Tanzu SaaS service from anonymous IPs/network.

Applicable to all Tanzu SaaS service which are accessible through Tanzu cloud service portal (https://console.tanzu.broadcom.com)

Customer can follow below steps to block the access to Tanzu SaaS services:-

1) First open Tanzu cloud service portal (TCSP)  https://console.tanzu.broadcom.com

2) Navigate to Organisation >> Authentication Policy . Below link will redirect you to "Authentication policy" on TCSP. 

https://console.tanzu.broadcom.com/csp/gateway/portal/#/organization/auth-policy/ip-restrictions

3) There you have two option to block the access. Either to provide only Allow IPs (which will give access only to those IPs) or else provide Block IPs (which will block access for those IPs, rest all IPs can access). Below is the screenshot of Allow IPs page where we can add multiple IPs/segment to provide access to them.

4) Add all the IPs/segment for access restriction and then wait for few minutes. 

5) After that if one will try to access the Tanzu SaaS service from IP which is restricted then TCSP will block that user to access the portal and will show page as below.

Note: Only Org admin can apply this change over TCSP.