
HeesunP.59253 (Customer) asked a question.
I am trying to implement a SCIM setup between Okta and SAS Viya on an AWS EKS cluster. Due to our security policy, I cannot open up my deployment to the Internet. I think I narrowed down the Okta tenant IP address range from which I initiated the SCIM API call (it is "34.236.241.32/29" in Preview_Cell_1). But even though I added the CIDR block "34.236.241.32/29" to my cluster public allow list, the SCIM API call does not go through. My question is whether the SCIM API call uses the same IP address as the Okta tenant. If it is not the same, then how can I find the IP address where the SCIM API call originated?

Hi Heesun Park.
Please refer to the following documentation: https://support.okta.com/help/s/article/What-IP-addresses-ranges-should-we-whitelist-for-inbound-traffic-i-e-REST-API-calls-from-Okta-to-on-prem-JIRA-server?language=en_US
What IP addresses/ranges should we whitelist for inbound traffic?
Applies To
Answer
Okta unfortunately cannot maintain a specific list of each IP address to whitelist for inbound traffic, as such a list would constantly be changing due to provisioning additional servers. However, whitelisting Amazon Web Services' CloudFront IP range will ensure that inbound traffic is accepted.
Full list of Okta Domains and Up-To-Date AWS IPs used by Okta can be found here along with additional information.
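
As an added example (not part of the original thread or of Okta's documentation), this Python sketch pulls the CloudFront prefixes out of a document laid out like AWS's published `ip-ranges.json` and reports which observed source addresses an allowlist fails to cover. The sample JSON, the observed addresses and the function names are constructed for illustration; only the `34.236.241.32/29` block comes from the question.

```python
import ipaddress
import json

# Constructed sample in the layout of https://ip-ranges.amazonaws.com/ip-ranges.json.
# The prefixes are documentation ranges, not real AWS allocations.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2000-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/25", "region": "us-east-1", "service": "CLOUDFRONT"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
    ],
})

# Constructed client addresses, standing in for the source IPs that ingress
# or load balancer logs show for the failed SCIM requests.
OBSERVED = ["34.236.241.35", "198.51.100.17"]


def service_prefixes(doc, service="CLOUDFRONT"):
    """Return the de-duplicated, collapsed IPv4 networks listed for one service."""
    data = json.loads(doc)
    nets = {
        ipaddress.ip_network(p["ip_prefix"])
        for p in data["prefixes"]
        if p["service"] == service
    }
    return list(ipaddress.collapse_addresses(nets))


def uncovered_sources(source_ips, allowlist):
    """Return the observed source IPs that no allowlist CIDR contains."""
    nets = [ipaddress.ip_network(cidr) for cidr in allowlist]
    return [
        ip for ip in source_ips
        if not any(ipaddress.ip_address(ip) in net for net in nets)
    ]


if __name__ == "__main__":
    tenant_only = ["34.236.241.32/29"]  # the block from the question
    print("not covered by tenant block:", uncovered_sources(OBSERVED, tenant_only))
    widened = tenant_only + [str(n) for n in service_prefixes(SAMPLE_IP_RANGES)]
    print("not covered after adding CloudFront:", uncovered_sources(OBSERVED, widened))
```

Any address `uncovered_sources` returns for real log data is a source the current allowlist does not admit, which answers whether the provisioning calls arrive from the same range as the tenant.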