Manage trusted domains

Trusted domains specify the set of domains to which Access Gateway allows redirects. With trusted domains enabled, attempts to hijack redirects are prohibited and redirects are allowed only to known, trusted sites.

The term trusted origin is used in the Okta console, while trusted domain is used in the Access Gateway Management console.

During this task you will:

Trusted domains are enabled by default in Access Gateway deployments of v2020.8.3 and later.

Trusted domains are disabled by default when upgrading from earlier versions to maintain existing system behavior.

Enable/Disable trusted domains

To enable or disable trusted domains:

  1. Select 1 at the main menu to enter the Access Gateway Network Setup submenu.

  2. Select 9 from the network menu to open the Manage Trusted Domains submenu:
    Manage Trusted Domains (status: Enabled/Disabled)
    1 - Enable/Disable trusted domain
    2 - View trust domains
    x - Exit

  3. Enter 1 to toggle the Enable/Disable trusted domains setting.

View trusted domains

  1. Select 1 at the main menu to enter the Access Gateway Network Setup submenu.
  2. Select 9 from the network menu to open the Manage Trusted Domains submenu.
  3. Enter 2 to view trusted domains. The list of trusted domains appears.
    UP/DOWN/HOME/END - scroll list x - exit
    trusted-one.domain.com
    trusted-two.domain.com
    . . .
    trusted-n.domain.com
    . . .

    When trusted domains are disabled, the view option is still present but displays a warning if you attempt to view trusted domains.

  4. Enter x to exit.
    The Manage Trusted Domains menu appears and shows the current status for trusted domains.

View trusted domains from the Okta console

  • Trusted domains are synchronized with your Okta tenant. To view trusted domains in your Okta tenant:
    1. Sign in to your Okta tenant as an Admin.
    2. In the Admin Console, go to Security > API.
    3. Select the Trusted origins tab.
  • Trusted domains include the private domains of all applications, as listed in the Protected Web Resource field.

    All application domains are synchronized with your Okta tenant as applications are added.

    Protocol and path information is not part of the domain.
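
The following added example (not Access Gateway's own code) sketches how a redirect check against a trusted-domain list behaves: each domain is reduced to a bare host, without protocol or path, and a redirect target is accepted only on an exact host match. The function names and sample URLs are constructed for illustration; ignoring the port is an assumption of this sketch.

```python
from urllib.parse import urlsplit


def domain_of(resource_url):
    """Reduce a Protected Web Resource style URL to its bare domain
    (protocol and path information is not part of the domain)."""
    host = urlsplit(resource_url).hostname
    if not host:
        raise ValueError("no host in %r" % resource_url)
    return host.rstrip(".").lower()


def is_trusted_redirect(target, trusted):
    """Return True only if an absolute http(s) redirect target points at
    a host that exactly matches an entry in the trusted-domain set."""
    # Browsers read backslashes as slashes and drop tabs/newlines, so a
    # target containing them may parse differently here than in the browser.
    if target != target.strip() or any(c in target for c in "\\\t\r\n"):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:
        return False
    # An empty scheme covers relative and protocol-relative ("//host") targets;
    # this sketch only judges absolute URLs.
    if parts.scheme not in ("http", "https") or not host:
        return False
    # Exact match only: no suffix or substring comparison, and the host is
    # taken after any "user@" part of the authority.
    return host.rstrip(".").lower() in trusted


# Constructed sample values, reusing the placeholder names shown in the list above.
TRUSTED = {domain_of(u) for u in (
    "https://trusted-one.domain.com/app/",
    "http://Trusted-Two.domain.com:8080/portal",
)}

if __name__ == "__main__":
    for url in ("https://trusted-one.domain.com/home?x=1",
                "https://trusted-one.domain.com.attacker.example/",
                "https://trusted-one.domain.com@attacker.example/",
                "//attacker.example/"):
        print(is_trusted_redirect(url, TRUSTED), url)
```

Only the first sample target is accepted; the others resolve to a host that is not in the trusted set.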