Please have a look at the document shared on IPP @ https://success.outsystems.com/support/licensing/outsystems_intellectual_property_protection_ipp/

You can see that "By default, the IPP is unprotected, which means your application can be deployed to other infrastructures. To request your IPP be protected, contact support.". So please reach out to OutSystems Support.

Hi,

first of all, we need to understand follows..

Operational Mechanism

• During initial infrastructure setup, IPP operates in the IPP Unprotected state by default. If necessary, it can be changed to IPP Protected through support. (Licenses issued after April 2021 are set to IPP Unprotected by default.)

• Apps in the IPP Protected state will throw an error in Service Studio when attempting to open a file, preventing it from being imported.

• Using the IPP Portal, apps can be deployed to other infrastructures.

• Apps created in enterprise environments, whether Protected or Unprotected, cannot be transferred to personal environments.

How the IPP Portal works:

• The IPP Portal does not verify source or target permissions and only requires a Destination Activation Code for deployment.

• As a result, the external developer was able to deploy the app by inputting Other company's Activation Code.

• The IPP Portal is designed to streamline the app deployment process and does not verify whether the user has the necessary permissions.

• This allowed the app from Company A's infrastructure to be deployed to Company B's infrastructure without authorization.

So if you want to prevent such operation, You can implement the following actions:

• Proactive measures:

  • Request to blacklist your company's Activation Code to block any deployments from your environment.

• Reactive measures:

  • Request the IPP Portal activity logs:
    Review all records of deployments from your environment to identify any transfers to unauthorized environments (e.g., Company B, C, D, etc.).
    
    

Hope this will help you.