diff --git a/.github/workflows/ephemeral-deploy.yaml b/.github/workflows/ephemeral-deploy.yaml
index 12986859..7418d11d 100644
--- a/.github/workflows/ephemeral-deploy.yaml
+++ b/.github/workflows/ephemeral-deploy.yaml
@@ -36,6 +36,11 @@ on:
         type: string
         description: "Location of resources in Azure"
         default: "centralus"
+      ingressWhitelist:
+        required: false
+        type: string
+        description: "IP address that will be allowed to access the ephemeral deployment"
+        default: "207.67.20.252/32"
     secrets:
       azureCredentials:
         required: true
@@ -182,6 +187,10 @@ jobs:
           ingress: external
           disableTelemetry: true
 
+      - name: Add access restrictions to Container App ingress
+        run: |
+          az containerapp ingress access-restriction set --action Allow --ip-address "${{ inputs.ingressWhitelist }}" --rule-name allow-range --name "${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }}" --resource-group "${{ inputs.clusterResourceGroup }}"
+
       - name: Get Container App Hostname
         id: hostname
         run: |