diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb
index 4ba6501f1..1a8b195ee 100644
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@@ -53,7 +53,7 @@ class Registrar
 end
 def id
- @user = ApiUser.find_by_idc_data(request.env['SSL_CLIENT_S_DN'])
+ @user = ApiUser.find_by_idc_data_and_allowed(request.env['SSL_CLIENT_S_DN'], request.ip)
 if @user
 sign_in(@user, event: :authentication)
@@ -87,7 +87,11 @@ class Registrar
 return
 end
- @user = find_user_by_idc(response.user_id_code)
+ if Setting.registrar_ip_whitelist_enabled
+ @user = find_user_by_idc_and_allowed(response.user_id_code)
+ else
+ @user = find_user_by_idc(response.user_id_code)
+ end
 if @user.persisted?
 session[:user_id_code] = response.user_id_code
@@ -112,7 +116,7 @@ class Registrar
 when 'OUTSTANDING_TRANSACTION'
 render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok
 when 'USER_AUTHENTICATED'
- @user = find_user_by_idc(session[:user_id_code])
+ @user = find_user_by_idc_and_allowed(session[:user_id_code])
 sign_in @user
 flash[:notice] = t(:welcome)
 flash.keep(:notice)
@@ -149,6 +153,18 @@ class Registrar
 ApiUser.find_by(identity_code: idc) || User.new
 end
+ def find_user_by_idc_and_allowed(idc)
+ return User.new unless idc
+ possible_users = ApiUser.where(identity_code: idc) || User.new
+ possible_users.each do |selected_user|
+ if selected_user.registrar.white_ips.registrar_area.include_ip?(request.ip)
+ return selected_user
+ end
+ end
+ end
+
+
+
 def check_ip_restriction
 ip_restriction = Authorization::RestrictedIP.new(request.ip)
 allowed = ip_restriction.can_access_registrar_area_sign_in_page?
diff --git a/app/models/api_user.rb b/app/models/api_user.rb
index 5e20db24a..ce32c4045 100644
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
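Review bot: The whitelist check is applied inconsistently across the three sign-in paths: the `id` hunk (certificate login) and the `'USER_AUTHENTICATED'` hunk call the `_and_allowed` variants unconditionally, while only the `@@ -87` hunk (the first mobile-ID step) consults `Setting.registrar_ip_whitelist_enabled`; with the setting off, the second mobile-ID step and certificate login still enforce the whitelist, so the setting does not do what its name says. Either gate all three on the setting or drop the gate everywhere, and note the chosen policy in a one-line comment at the helper, e.g. `# IP whitelist is enforced for every registrar sign-in path regardless of Setting.registrar_ip_whitelist_enabled` if that is intended. Since `request.ip` is the value being matched against the whitelist, it is worth confirming the app's trusted-proxy configuration so a client cannot influence the address seen here via forwarded headers. The enclosing `id` and mobile-ID methods start and end outside their hunks.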
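Review bot: In the new `find_user_by_idc_and_allowed` (hunk `@@ -149`), when no candidate's whitelist matches the loop falls through and the method returns the value of `possible_users.each`, i.e. the `ActiveRecord::Relation` itself, not a user; the callers then evaluate `@user.persisted?` and `sign_in @user` on a relation, and the intended "not allowed" outcome becomes an error rather than the `User.new` sentinel that the sibling `find_user_by_idc` returns. The `|| User.new` on the `where` line is dead, since `where` never returns nil. Replace the relation line and the `each` block with `ApiUser.where(identity_code: idc).find { |u| u.registrar.white_ips.registrar_area.include_ip?(request.ip) } || User.new`, which returns the first permitted user or the same sentinel as `find_user_by_idc`. If `registrar` can be nil for an `ApiUser` (not visible here), the chain would also need a safe-navigation guard. The three trailing blank added lines before `check_ip_restriction` should be reduced to one.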
@@ -51,6 +51,20 @@ class ApiUser < User
 find_by(identity_code: identity_code)
 end
+
+ def find_by_idc_data_and_allowed(idc_data, ip)
+ return false if idc_data.blank?
+ identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
+
+ return false if ip.blank?
+ possible_users = where(identity_code: identity_code)
+ possible_users.each do |selected_user|
+ if selected_user.registrar.white_ips.registrar_area.include_ip?(ip)
+ return selected_user
+ end
+ end
+ end
+
 end
 def registrar_typeahead
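Review bot: `find_by_idc_data_and_allowed` returns the `ActiveRecord::Relation` from `possible_users.each` when no candidate's whitelist contains `ip`, so the controller's `if @user` in `id` is truthy in exactly the case that should be rejected and `sign_in` is reached with a relation instead of a user; the two early returns give `false`, so the no-match case should yield a falsy value too. Replace the `possible_users` assignment and the `each` block with `where(identity_code: identity_code).find { |u| u.registrar.white_ips.registrar_area.include_ip?(ip) }`, which returns the first permitted user or nil. When the DN carries no `serialNumber=` component, `scan(...).flatten.first` is nil and the query becomes `where(identity_code: nil)`; add `return false unless identity_code` after the scan, and the two `blank?` guards can be merged into one line before it. A brief comment stating that the method matches `ip` against the whitelist of each candidate user's registrar would help, since the name alone does not say whose whitelist is consulted.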