Whitelisting assertions from Okta Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Keith RegisterKeith Register 

Whitelisting assertions from Okta

Are the IP addresses contained in this link the same I would whitelist in an application in order to receive SAML assertions being sent from Okta? The article talks more of outbound calls to Okta rather than calls from Okta to service providers.  https://support.okta.com/help/Documentation/Knowledge_Article/Configuring-Firewall-Whitelisting-89944588

Andrei AldeaAndrei Aldea (Okta, Inc.)

Hi Keith,

The article you included provides a list of IPs that need to be whitelisted if your server policy does not allow outbound communications to any IPs/sites. Whilelisting them ensures that your users will not encounter any issues reaching your Okta org.

When a user accesses an application from the Okta side (or via SP-initiated login flow if that's supported by the app), their request will contain both the local user's IP as well as one of the IPs in the same list you provided.

So for both inbound and outbound traffic, the IP list for Okta should be the same.

Andrei Aldea
Technical Support Engineer
Okta Global Customer Care

Keith RegisterKeith Register

Thank you for the response. Does this include the API calls made by Okta when trying to do provisioning to a Service Provider?