Understanding the X-Forwarded-For Header in Okta

Administration
Okta Classic Engine
Okta Identity Engine

Overview

Okta automatically uses the public IP address of an application as the client IP address for a request. Okta supports the standard X-Forwarded-For (XFF) HTTP header to forward the originating client IP address when an application operates behind a proxy server, sign-in portal, or gateway.

Applies To

  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • X-Forwarded-For Header

Solution

How does Okta handle the X-Forwarded-For HTTP header?

Okta automatically uses the public IP address of the application as the client IP address for the request. Okta supports the standard X-Forwarded-For HTTP header to forward the originating client IP address if the application operates behind a proxy server or acts as a sign-in portal or gateway.

 

NOTE: Okta requires the allowlist in the org's network security settings to include the public IP address of the trusted web application as a trusted proxy to forward the original IP address of the user agent with the X-Forwarded-For HTTP header.

Related References

Recommended content

No recommended content found...