Manage trusted domains
Trusted domains specify the set of domains that Access Gateway allows as redirect targets. When trusted domains are enabled, attempts to hijack redirects are blocked and only known, trusted sites are allowed.
The term trusted origin is used in the Okta console, while trusted domain is used in the Access Gateway Management console.
During this task you will:
- Enable/Disable trusted domains - Using the Access Gateway Management console, enable or disable trusted domains.
- View trusted domains - Using the Access Gateway Management console, view the currently known trusted domains.
- View trusted domains from the Okta console - Using the Okta console, view the currently known trusted domains.
Trusted domains are enabled by default in Access Gateway deployments of v2020.8.3 and later.
Trusted domains are disabled by default when upgrading from earlier versions to maintain existing system behavior.
Enable/Disable trusted domains
To enable or disable trusted domains:
- Select 1 at the main menu to enter the Access Gateway Network Setup submenu.
- Select 9 from the network menu to open the Manage Trusted Domains submenu:
    Manage Trusted Domains (status: Enabled/Disabled)
    1 - Enable/Disable trusted domain
    2 - View trust domains
    x - Exit
- Enter 1 to toggle the Enable/Disable trusted domains setting.
View trusted domains
- Select 1 at the main menu to enter the Access Gateway Network Setup submenu.
- Select 9 from the network menu to open the Manage Trusted Domains submenu:
- Press 2 to view the list of trusted domains.
The view option is still present but it displays a warning if you try to view trusted domains when they're disabled.
- Press x to exit. The Manage Trusted Domains menu appears and shows the current status for trusted domains.
View trusted domains from the Okta console
Trusted domains are synchronized with your Okta tenant. To view trusted domains in your Okta tenant:
- Sign in to your Okta tenant as an Admin.
- In the Admin Console, go to .
- Select the Trusted origins tab.
- The private domains of all applications as listed in the Protected Web Resource field.
All application domains are synchronized with your Okta tenant as applications are added.
Protocol and path information is not part of the domain.
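The rule described on this page (redirects are allowed only to known domains, and protocol and path are not part of the domain) can be illustrated with a host-only allowlist check. This is an added example, not Access Gateway code: the domain list, the function names and the choice to accept relative targets are assumptions made for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample list standing in for the application domains shown in the
# Manage Trusted Domains menu. Hosts only: no protocol, no path.
TRUSTED_DOMAINS = {"app.example.com", "hr.example.com"}


def redirect_host(target: str) -> Optional[str]:
    """Return the lower-cased host named by a redirect target, or None when the
    target is a plain relative path. Raise ValueError if it is ambiguous."""
    # Backslashes and embedded whitespace are read differently by different
    # URL parsers, so a target containing them is rejected outright.
    if any(c in target for c in "\\\t\r\n") or target != target.strip():
        raise ValueError("ambiguous characters in redirect target")
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        return None  # relative path such as "/dashboard"
    if parts.scheme and parts.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme")
    # .hostname excludes userinfo and port, so only the real host is compared.
    host = parts.hostname
    if not host:
        raise ValueError("no host in redirect target")
    return host.rstrip(".").lower()


def is_allowed_redirect(target: str, trusted=TRUSTED_DOMAINS) -> bool:
    """Allow relative targets and absolute targets whose host exactly matches a
    trusted domain. Protocol and path play no part in the comparison."""
    try:
        host = redirect_host(target)
    except ValueError:
        return False
    return host is None or host in trusted
```

Matching is exact on the host, so a trusted name that appears only as a prefix, in the userinfo part or in the path of a URL does not make that URL trusted.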