Issues with email delivery occur if an allowlist is configured in the infrastructure without the correct IP addresses. Okta uses SendGrid to send emails from the production service and provides a dedicated set of IP addresses to ensure successful email delivery. Adding these dedicated IP addresses to the infrastructure allowlist resolves email delivery issues.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Administration
- Security
- IP Address
- Firewall
- Email Notification
- Allowlist
What IP addresses should be added to the email infrastructure allowlist to ensure successful delivery?
Okta uses SendGrid for sending emails from the production service. Okta configures Domain Name System (DNS), dedicated IP addresses, and domain authentication (DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF)) in SendGrid to separate Okta senders from each other and from other SendGrid senders. Add the following dedicated SendGrid IP addresses to the infrastructure allowlist to ensure successful delivery of Okta emails.
- 167.89.110.192
- 167.89.126.180
- 167.89.14.31
- 167.89.21.169
- 198.21.5.209
- 50.31.57.204
- 159.183.193.109
- 159.183.213.105
- 159.183.213.107
- 159.183.214.96
- 159.183.213.204
- 159.183.200.101
- 149.72.233.170
- 149.72.90.103
- 192.254.124.136
Okta does not have a dedicated outbound Message Transfer Agent (MTA). SendGrid does not have company-specific outbound MTAs because such configurations are not scalable or feasible. The SendGrid services leverage colocation data centers provided by Zayo and Lumen (formerly CenturyLink), both located in the United States of America. These colocation data centers do not store any user data.
