GregH.00578 (Customer) asked a question.
Admin sessions being denied due to IP Roaming - what destination URL to I need to bypass on the proxy?
We have some limited Admin functions delegated to our clients for a specific app. Their proxy uses dynamic IP addressing, so their Admin users keep getting denied due to IP roaming. In order to resolve this, our client's Network team needs to know what URLs to bypass on this proxy. We are seeing <mytenant>.okta.com, <mytenant>-admin.okta.com and others appear to be Okta Content Delivery URLs (*.okta.cdn.com or similar).
Can anyone confirm what they need to bypass?
Hi @GregH.00578 (Customer) , Thank you for reaching out to the Okta Community!
We don't have a list for proxy bypass, but the Okta Allow-list document lists the OKTA/third-party domains being used. Maybe that helps.
That being said, if the issues you are seeing are caused by the Admin's IPs changing, I think the only way to prevent this is by setting up a Network Zone that contains the acceptable IPs in the Okta authentication policies.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
The new Okta Help Center YouTube channel is your go-to resource for tips, troubleshooting, and best practice videos. Subscribe today.
Join the Online Discussion for Ask me Anything on March 25, 2025: Identity Threat Protection with Okta AI