You can restrict login redirects and Cross Origin Resource Sharing (CORS) requests to a specified list of IP addresses, host names (including DNS wildcards), and CIDR notation networks. The default value is a single asterisk (*), which means that there are no restrictions. That unrestricted default is what allows you to join multiple Safeguard for Privileged Passwords appliances together to form a cluster, and to link to an SPS appliance.
TIP: As a best practice, change or delete this value after configuring your cluster. One Identity recommends setting it to an empty string to prevent external CORS requests and login redirects to unknown servers. You can also set it to a list of known servers that are integrated with the Safeguard API.
You can separate one or more values by a space, comma, or new line. Do not include the scheme, port, or path. The maximum length for the setting is 512 characters, including separators. For example values and more details, refer to the following table.
| Type | Description | Example values |
|---|---|---|
| IPv4 | No reverse DNS lookup will be performed. No scheme or port values are considered. | 10.5.33.37 192.168.0.2 |
| IPv6 | No reverse DNS lookup will be performed. No scheme or port values are considered. | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 2001:0db8:85a3:0:0:8a2e:0370:7334 2001:db8::1:0:0:1 2001:db8::2:1 2001:db8::1 |
| DNS/Host Names | Case insensitive match. No scheme or port values are considered. If using Internationalized Domain Names (IDN), you must also manually include the punycode equivalent. | spp.example.corp primary.spp.example.corp widget.example.corp widget |
| DNS Wildcards | Only one level to the wildcard is allowed, just like SSL certificates. No scheme or port values are considered. If using Internationalized Domain Names (IDN), you must also manually include the punycode equivalent. | *.spp.example.corp *.example.corp |
| CIDR Notation | Any DNS or host name values being validated will have a DNS lookup performed to see if any resolved IP addresses are contained within any of the specified CIDR networks. No scheme or port values are considered. | 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 76.240.155.0/24 fd12:3456:789a:1::/64 fd00::/8 |
| Allow All | A single asterisk, no other values allowed. | * |
| Allow None | Delete all values and leave as the empty string. | (empty) |
NOTE: Consider the following:
- When adding a new node to the Safeguard for Privileged Passwords cluster, you must either specify the node's host name or IP address in the list, or enter a single asterisk to allow all.
- When linking SPS to Safeguard for Privileged Passwords, you must either specify the host name or IP address of the SPS appliance in the list, or enter a single asterisk to allow all.
- As a best practice, after clustering (or if using just a single appliance or VM), change the value of the setting to an empty string, or to a list of integration applications you want to allow.
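To make the matching rules in the table concrete, here is an added Python example that is not One Identity's code and does not reproduce how the appliance implements the check. It parses an Allow Hosts value (space, comma or new-line separated, 512-character limit, no scheme or path), then decides whether a candidate host is allowed: IP literals are compared as addresses (an assumption, so the equivalent IPv6 spellings in the table match each other), host names match case-insensitively, a wildcard matches exactly one label, and CIDR entries are checked against the addresses the host name resolves to. A constructed resolver table (`FAKE_DNS`) stands in for real DNS so it runs offline; `SAMPLE_ALLOW_HOSTS` and every function name are my own. `punycode_form` shows the second entry an IDN host needs.

```python
import ipaddress
import re
from typing import Callable, Iterable, List, Optional, Union

MAX_SETTING_LENGTH = 512  # page: maximum length of the setting, including separators

# Constructed sample value for Allow Hosts (not from any real deployment).
# Values may be separated by spaces, commas or new lines, as the page states.
SAMPLE_ALLOW_HOSTS = """
10.5.33.37, 2001:db8::1
spp.example.corp widget
*.example.corp
192.168.0.0/16 fd12:3456:789a:1::/64
"""

# Constructed resolver table so the example runs offline. In a real deployment
# the CIDR rule triggers a forward DNS lookup of the host name being validated.
FAKE_DNS = {
    "internal.example.net": ["192.168.10.5"],
    "v6host.example.net": ["fd12:3456:789a:1::20"],
    "outside.example.net": ["203.0.113.9"],
}

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def fake_resolve(name: str) -> Iterable[str]:
    """Stand-in for DNS resolution (hypothetical helper, reads the constructed table)."""
    return FAKE_DNS.get(name, [])


def _parse_ip(text: str) -> Optional[IPAddress]:
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse_allow_hosts(setting: str) -> List[str]:
    """Split an Allow Hosts value into entries and reject the forms the page rules out."""
    if len(setting) > MAX_SETTING_LENGTH:
        raise ValueError(f"setting exceeds {MAX_SETTING_LENGTH} characters")
    values = [v for v in re.split(r"[\s,]+", setting) if v]
    if values == ["*"]:
        return values                                   # Allow All
    for v in values:
        if v == "*":
            raise ValueError("'*' must be the only value when used")
        if "://" in v:
            raise ValueError(f"scheme not allowed in {v!r}")
        if "/" in v:                                    # only CIDR networks may contain '/'
            ipaddress.ip_network(v, strict=False)       # raises ValueError on a path
        elif "*" in v and not (v.startswith("*.") and v.count("*") == 1):
            raise ValueError(f"wildcard must be a single leading '*.' label: {v!r}")
    return values                                       # [] means Allow None


def host_is_allowed(host: str, values: List[str],
                    resolve: Callable[[str], Iterable[str]] = fake_resolve) -> bool:
    """Check one host (an IP literal or DNS name, without scheme, port or path)."""
    if values == ["*"]:
        return True
    if not values:
        return False
    host = host.strip().lower()                         # host-name matching is case insensitive
    ip = _parse_ip(host)
    resolved: Optional[List[IPAddress]] = None          # addresses for CIDR checks, computed lazily
    for value in values:
        value_l = value.lower()
        if "/" in value:                                # CIDR network
            net = ipaddress.ip_network(value, strict=False)
            if resolved is None:
                # IP literals are used as-is (no reverse lookup); names are resolved.
                resolved = [ip] if ip else [ipaddress.ip_address(a) for a in resolve(host)]
            if any(addr in net for addr in resolved):
                return True
        elif value_l.startswith("*."):                  # one-level DNS wildcard
            suffix = value_l[1:]                        # e.g. ".example.corp"
            if ip is None and host.endswith(suffix):
                label = host[:-len(suffix)]
                if label and "." not in label:          # exactly one label, like an SSL wildcard
                    return True
        elif ip is not None:                            # same address in any textual form
            if _parse_ip(value) == ip:
                return True
        elif value_l == host:                           # exact host-name match
            return True
    return False


def punycode_form(name: str) -> str:
    """ACE (punycode) form of an IDN host; the page says it must be listed alongside the IDN."""
    return name.encode("idna").decode("ascii")


if __name__ == "__main__":
    entries = parse_allow_hosts(SAMPLE_ALLOW_HOSTS)
    for candidate in ["SPP.Example.Corp", "widget.example.corp", "deep.widget.example.corp",
                      "2001:0db8::0001", "internal.example.net", "outside.example.net"]:
        print(f"{candidate:28} -> {host_is_allowed(candidate, entries)}")
    print("IDN entry needs both forms:", "bücher.example.corp", punycode_form("bücher.example.corp"))
```

The lazy `resolved` list matters for the CIDR rule: a DNS lookup happens only when a CIDR entry is actually compared against a host name, and an IP literal is never reverse-resolved, mirroring the "no reverse DNS lookup" wording in the table. Note that `deep.widget.example.corp` is rejected by `*.example.corp` because the wildcard covers one label only.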
To set up Trusted Servers, CORS and Redirects:
- In the web client, navigate to (External Integration) > Trusted Servers, CORS and Redirects.
- To update the information that is displayed, click (Refresh).
- In Allow Hosts, enter the list of IP addresses, host names (including DNS wildcards), and CIDR notation networks. The default value is a single asterisk (*), which means that there are no restrictions.
- Click Save.