You can add or change authentication source access rules which allow or deny user access to an IDR SSO Agent IdP based on the user IP address. Authentication source access rules apply only to IDR SSO Agent IdPs configured as an authentication source for automatic use in the application portal.

1. Navigate to the Authentication Source Rules page.
   1. In the Cloud Administration Console, click Users > Identity Provider.
   2. Click Edit corresponding to the IdP whose access rules you want to change.
      The Basic Information page appears for the selected IdP.
   3. Click 3. Authentication Source Rules.
      The Authentication Source Rules page appears.
2. Specify parameters for one or more IP address ranges within your network that will authenticate using this IdP.
   If you do not set any authentication source rules, the portal applies the default rule allowing users from any IP address to access the IdP for authentication.
   1. From the Attribute drop-down list, select IpAddress.
   2. From the Operation drop-down list, select In Range.
   3. In the Value field, enter an IP address range such as 10.0.0.0:255.0.0.0.
   4. From the Effect drop-down list, select Allow Access or Deny Access.
   5. From the Policy Combination drop-down list, select the Policy Combination to apply to rule evaluation.

   Policy Combination Option	Description
   Deny Overrides	(Default) Deny takes precedence over allow. Rule processing stops as soon as a deny is matched. This is the most restrictive option.
   Permit Overrides	Allow takes precedence over deny. Rule processing stops as soon as an allow rule is matched. This is the least restrictive option.
   First Applicable	Rule processing stops as soon as any rule is matched.

3. (Optional) Click Add and repeat steps 2a through 2d to specify additional IP ranges.
4. Click Save and Finish to exit the wizard.
5. (Optional) Click Publish Changes to activate the settings immediately.