You can add or change authentication source access rules which allow or deny user access to an SSO Agent IdP based on the user IP address. Authentication source access rules apply only to SSO Agent IdPs configured as an authentication source for automatic use in the application portal.
Before you begin
- You must be a Super Admin in the Cloud Administration Console.
- You already configured one or more IdPs.
The Authentication Source Rules page is in the wizard for adding an IdP.
1. Navigate to the Authentication Source Rules page.
   a. In the Cloud Administration Console, click Users > Identity Provider.
   b. Click Edit corresponding to the IdP whose access rules you want to change. The Basic Information page appears for the selected IdP.
   c. Click 3. Authentication Source Rules. The Authentication Source Rules page appears.
2. Specify parameters for one or more IP address ranges within your network that will authenticate using this IdP. If you do not set any authentication source rules, the portal applies the default rule allowing users from any IP address to access the IdP for authentication.
   a. From the Attribute drop-down list, select IpAddress.
   b. From the Operation drop-down list, select In Range.
   c. In the Value field, enter an IP address range such as 10.0.0.0:255.0.0.0.
   d. From the Effect drop-down list, select Allow Access or Deny Access.
3. From the Policy Combination drop-down list, select the Policy Combination to apply to rule evaluation.

   | Policy Combination Option | Description |
   |---|---|
   | Deny Overrides (Default) | Deny takes precedence over allow. Rule processing stops as soon as a deny is matched. This is the most restrictive option. |
   | Permit Overrides | Allow takes precedence over deny. Rule processing stops as soon as an allow rule is matched. This is the least restrictive option. |
   | First Applicable | Rule processing stops as soon as any rule is matched. |

4. (Optional) Click Add and repeat steps 2a through 2d to specify additional IP ranges.
5. Click Save and Finish to exit the wizard.
6. (Optional) Click Publish Changes to activate the settings immediately.
After you finish
Ensure the IdP is configured as an authentication source.
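
The following Python sketch is an added example, not code from the product or its documentation. It models how the three Policy Combination options resolve overlapping In Range rules, so you can check a planned rule set before publishing it. The rule list, the function names, and the `None` result for an address that matches no rule are assumptions made for illustration.

```python
import ipaddress

def in_range(ip, value):
    """True if ip falls in a range written as network:netmask (the Value field format)."""
    network, netmask = value.split(":")
    return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{network}/{netmask}")

def evaluate(rules, ip, combination="Deny Overrides"):
    """Return "Allow Access", "Deny Access", or None when rules exist but none match."""
    if not rules:
        return "Allow Access"  # default rule described above: any IP address is allowed
    # Effects of every rule whose range contains ip, in the order the rules are listed.
    matched = [effect for value, effect in rules if in_range(ip, value)]
    if not matched:
        return None  # assumption: the page does not state the outcome for this case
    if combination == "First Applicable":
        return matched[0]  # the first matching rule decides, so rule order matters
    if combination == "Deny Overrides":
        # Same result as stopping at the first matching deny.
        return "Deny Access" if "Deny Access" in matched else "Allow Access"
    if combination == "Permit Overrides":
        # Same result as stopping at the first matching allow.
        return "Allow Access" if "Allow Access" in matched else "Deny Access"
    raise ValueError(f"unknown policy combination: {combination}")

# Constructed sample rules: allow the 10.0.0.0/8 network, deny one subnet inside it.
RULES = [
    ("10.0.0.0:255.0.0.0", "Allow Access"),
    ("10.20.0.0:255.255.0.0", "Deny Access"),
]

COMBINATIONS = ("Deny Overrides", "Permit Overrides", "First Applicable")

def compare(ip, rules=RULES):
    """Evaluate one address under each Policy Combination option."""
    return {c: evaluate(rules, ip, c) for c in COMBINATIONS}

if __name__ == "__main__":
    for ip in ("10.20.5.9", "10.1.1.1", "192.168.1.1"):
        print(ip, compare(ip))
```

With these sample rules, an address in the denied subnet is blocked only under Deny Overrides. Under First Applicable the broad allow rule listed first shadows the narrower deny, so place specific rules ahead of general ones when using that option.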