White-listed URLs Overview

Context

In The Identity Hub redirection happens at different levels. To be able to keep track of the set of allowed redirection URLs an overview is available for administrators.

The overview shows for the current tenant:

• the Tenant allowed CORs
• all redirection URIs white-listed for Apps
• custom Process Logon Result URLs to which a user is redirected after the authentication to an Account provider did not succeed

For each white-listed URL a link is provided to the administration page where the URL has been configured.

White-listing the URL does not require an additional action by the administrator, the appropriate URLs configured by an administrator are white-listed when they are set for the first time.

In case a redirect action is not allowed, the user will not receive any message revealing that the URL is not white-listed; but instead will be redirected to the most appropriate page within The Identity Hub.

Those redirect URLs that are blocked are logged in the Hub Audit log and can be seen in the Logs

Note

The redirection URLs used by a specific account during authentication and inherent to the account provider are not visible here as they are not set or configured due to an action taken by an administrator. They are considered as part of the core functionality of The Identity Hub.