The home secretary said the measure would improve national security.
As part of the Counter-Terrorism and Security Bill, providers would have to retain data linking devices to users.
But campaigners warned it could see the revival of the so-called "snoopers' charter" - a previous attempt to bring in wide-ranging web monitoring powers.
The Home Office says the new measures would help police and security services identify:
|The Devil in the Data|
Terror suspects and child sex offenders communicating over the internet
Each device has such an address, but they can change - such as when a modem is switched off and then on again - and are usually shared between different users.
Internet service providers currently have no business reason for holding data showing which IP address was allocated to a device at a given time, meaning it is not always possible for police and security services to match individuals to internet use, the Home Office said.
Speaking to the BBC's Andrew Marr show, Mrs May said the new bill would help security services "deal with the increased threat that we now see".
"This is a step but it doesn't go all the way to ensuring that we can identify all the people we will need to," she said.
To "fully identify" everybody, she said police would need the power to access communication data, as previously proposed in the Communication Data Bill.
That bill - labelled a snooper's charter by critics - was scrapped following Lib Dem opposition.
It would have forced companies to keep data about people's online conversations, social media activity, calls and texts for 12 months.
|The Lib Dems said leader Nick Clegg had |
"repeatedly asked" for the IP address proposals
"The devil will be in the detail but it's going to be difficult no matter how they do it," he said.
"It looks like it could catch people who post annoying things on Twitter or not very nice things on social media - but not those who know how to hide their online activities.
"It's not a sensible thing to have decided to do without consulting us first."
'Unworkable and disproportionate'
The Liberal Democrats welcomed Mrs May's announcement but ruled out agreeing to the "much wider and disproportionate proposals" previously mooted.
MP Julian Huppert said: "The real question is why the home secretary has dragged her feet on this technical measure that would have actually saved lives... while still trying to push ahead with much larger and much more intrusive measures that have much less benefit in keeping us safe."
A spokesman added: "There is absolutely no chance of that illiberal bill coming back under the coalition government - it's dead and buried."
But Conservative MP and one-time leadership hopeful David Davis said the new measure was a "stepping stone back" to those proposals.
|David Davis on the Andrew Marr show|
Davis said Theresa May saw the bill as a "route back into the whole snoopers' charter"
Meanwhile Keith Vaz, chairman of the Home Affairs Select Committee, said internet service providers should do more to tackle extremism online.
"We can't expect the government to sit there and be monitoring this all the time," he told BBC News. "The best people to do this are the providers themselves."
Asked if the proposals were a "step in the right direction", Met Police Commissioner Sir Bernard Hogan-Howe said: "I believe so."
But he added: "My job is to help keep people safe. To get that balance between security and privacy is Parliament's job."
Labour said giving police powers to access IP addresses should be accompanied by "appropriate oversight providing sufficient checks and balances".
Shami Chakrabarti, director of campaign group Liberty, said: "There's no problem with the targeted investigation of terrorist suspects, including where it requires linking apparently anonymous communications to a particular person."
"But every government proposal of the last so many years has been about blanket surveillance of the entire population... So, forgive us if we look for the devil in the detail of this new bill."