Add identity provider domains to an exception list

Depending on the type of identity provider (IdP) that you set up, you need to add specific domains to an exception list and assign the list to the appropriate policy. This allows domains that are used by your IdP to bypass ETP.

How to

  1. In the navigation menu, select Configuration > Lists.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Policies > Lists.
  2. On the Custom Lists page, click the plus sign icon, and select New Custom Exception List.
  3. Enter a name and description for the list.
  4. In the Exception List Domains tab, enter the domains that apply to your identity provider.
    Identity Provider Type: Domain or URL

    Okta:
    • <your-account>.okta.com, where <your-account>.okta.com is the domain that your organization uses for Okta.
    • okta.report-uri.com
    • oktacdn.com

    PingOne:
    • sso.connect.pingidentity.com
    • js-agent.newrelic.com
    • bam.nr-data.net
    • login.pingone.com

    Active Directory Federation Services (AD FS) for Third-Party SAML:
    • https://<adfs_server>/adfs/ls, where <adfs_server> is the FQDN of your AD FS server or AD FS portal.

    Microsoft Azure AD for Third-Party SAML:
    • aadcdn.msauth.net/
    • microsoftonline.com
  5. Click Save.

Next steps

Assign the exception list to the policy where you assigned the identity provider. For instructions on assigning a list to a policy, see Add a list to a policy.