[Improvement]: Add a Note to Mention that IdP Connectivity (OIDC/SAML + SCIM) will not be Impacted when IP Allow List is enabled at the Enterprise Level (#56494)
content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md
Lines changed: 6 additions & 3 deletions
@@ -23,6 +23,9 @@ redirect_from:
23
23
24
24
By default, authorized users can access your enterprise's resources from any IP address. You can restrict access to your enterprise's private resources by configuring a list that allows or denies access from specific IP addresses. {% data reusables.identity-and-permissions.ip-allow-lists-example-and-restrictions %}
25
25
26
+
> [!NOTE]
27
+
> If your enterprise uses {% data variables.product.prodname_emus %}, enabling the IP allow list does not restrict user provisioning actions performed through SAML/SCIM, OpenID Connect (OIDC) with Entra ID, or via REST API endpoints. For more information, see [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim).
28
+
26
29
If your enterprise uses {% data variables.product.prodname_emus %} with Microsoft Entra ID (previously known as Azure AD) and OIDC, you can choose whether to use {% data variables.product.company_short %}'s IP allow list feature or to use the allow list restrictions for your identity provider (IdP). If your enterprise does not use {% data variables.product.prodname_emus %} with Azure and OIDC, you can use {% data variables.product.company_short %}'s allow list feature.
27
30
28
31
{% data reusables.identity-and-permissions.ip-allow-lists-which-resources-are-protected %}
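Review bot: In the added note (new line 27), "or via REST API endpoints" is unscoped and can be read as saying that REST API calls in general are not subject to the IP allow list. Name the endpoints that are meant (the link target suggests the SCIM provisioning ones) so the exemption is not read more broadly than intended. The phrase "user provisioning actions performed through SAML/SCIM" also groups SAML with provisioning, whereas the commit title describes IdP connectivity for OIDC/SAML plus SCIM; state the authentication flows and the provisioning flows separately so readers know exactly which traffic the allow list does not filter.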
@@ -56,8 +59,8 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth
56
59
{% data reusables.enterprise-accounts.access-enterprise %}
57
60
{% data reusables.profile.org_settings %}
58
61
{% data reusables.organizations.security %}
59
-
1. If you're using {% data variables.product.prodname_emus %} with OIDC, under "IP allow list", select the **IP allow list configuration** dropdown menu and click **GitHub**.
60
-
1. Under "IP allow list", select **Enable IP allow list**.
62
+
1. If you're using {% data variables.product.prodname_emus %} with OIDC, under "IP allow list," select the **IP allow list configuration** dropdown menu and click **GitHub**.
63
+
1. Under "IP allow list," select **Enable IP allow list**.
61
64
1. Click **Save**.
62
65
63
66
### Adding an allowed IP address
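Review bot: The comma moved inside the closing quote at new lines 62 and 63 ("IP allow list,") makes the quoted UI label look as if it includes the comma, and the change is unrelated to the commit's stated purpose of adding the provisioning note. Either drop it from this commit, or confirm it matches the docs style guide and submit it as a separate style-only change.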
@@ -119,7 +122,7 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth
119
122
{% data reusables.enterprise-accounts.access-enterprise %}
120
123
{% data reusables.profile.org_settings %}
121
124
{% data reusables.organizations.security %}
122
-
1. Under "IP allow list", select the **IP allow list configuration** dropdown menu and click **Identity Provider**.
125
+
1. Under "IP allow list," select the **IP allow list configuration** dropdown menu and click **Identity Provider**.
123
126
1. Optionally, to allow installed {% data variables.product.company_short %} and {% data variables.product.prodname_oauth_apps %} to access your enterprise from any IP address, select **Skip IdP check for applications**.
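Review bot: New line 125 selects **Identity Provider** as the allow list configuration, while the note added near the top of the file speaks only of "enabling the IP allow list"; it is unclear whether the provisioning exemption also holds under this IdP-managed configuration or only under the **GitHub** one selected in the earlier procedure. Say which configurations the note covers, or repeat it in this section if it applies here too.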