Allow access to Okta IP addresses
An IP allow list is used to provide access to selected IP addresses and programs that your network server policy could typically block.
- If your server policy allows all outbound HTTP and HTTPS communication to any IP address or website, you do not need to make any changes.
- If your server policy denies access to most or all external IP addresses and websites, you must configure an allow list to enable some features to work.
For domain, port, and troubleshooting information, see Implementation details.
Okta IP addresses
For proper connectivity to Okta for all Okta agents and end users, add Okta system IP addresses to your allow list based on this AWS-managed list:
The most recent update to this list for existing environments occurred on March 3rd 2022 and the list includes all existing IP addresses and any new IP addresses reserved for future updates.
If your organization configures an allow list for domain names, be sure to add awsglobalaccelerator.com to that domain name allow list. This domain name is in addition to any existing domain names you have already configured.
IP addresses in this list are grouped by the following:
- Production (
us_cell_1 - us_cell_7
,us_cell_10 - us_cell_12, us_cell_14)
- Production EMEA (
emea_cell_1
) - Production EMEA (
emea_cell_2
) - Production HIPAA (
us_cell_5
,us_cell_10
) - Production APAC (
apac_cell_1
) - Preview (
preview_cell_1 - preview_cell_3)
- Preview EMEA (
preview_cell_2
)
We recommend viewing this file with an online JSON viewer of your choice. The Okta IP range allow list can also be obtained by super admins who need to maintain the IP allow list.

Okta allow listed IP addresses may need to be added to your inbound firewall rules for Okta to communicate successfully with any installed agents that are located on your internal network.
Implementation details
Review the information in this section to learn how to configure and implement allow listing for your org.