Our SCIM server is protected by an AWS Web Application Firewall. We’ve added Okta’s published list of IP addresses to the whitelist, but we’ve already had the IP addresses change on us, causing issues.
What’s the best way to dynamically update our firewall with the latest IP addresses from Okta? I haven’t been able to figure out a specific Okta notification (if one exists) to target.
Also, I’m not clear on the scope of the following instruction from Okta: “Allowlisting Amazon Web Services CloudFront IP range will ensure that inbound traffic is accepted.”
Does that mean “Just allow all CloudFront IP addresses through your firewall and you’ll get the Okta ones for free”? Or is it suggesting a more targeted approach to just Okta IP addresses?
Thanks for the help on this!
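One way to approach the changing-range problem described above, as an added example that is not part of the original post: a scheduled job parses the published range list and computes the change to the WAF IP set, refusing to apply a feed that is empty or would remove most existing entries. The feed shape (`{cell: {"ip_ranges": [...]}}`), the cell names, and the function names `parse_feed` and `plan_update` are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import json

# Constructed sample in the assumed feed shape: {cell: {"ip_ranges": [CIDR, ...]}}.
# Addresses come from documentation ranges, not from any real published list.
SAMPLE_FEED = json.dumps({
    "cell_a": {"ip_ranges": ["192.0.2.0/28", "198.51.100.17/32"]},
    "cell_b": {"ip_ranges": ["203.0.113.64/27", "2001:db8::/48", "not-a-cidr"]},
})

def parse_feed(text, cells=None):
    """Return the set of valid IPv4 CIDRs for the chosen cells (all cells if None)."""
    doc = json.loads(text)
    out = set()
    for cell, body in doc.items():
        if cells is not None and cell not in cells:
            continue
        for raw in body.get("ip_ranges", []):
            try:
                net = ipaddress.ip_network(raw, strict=False)
            except ValueError:
                continue  # skip malformed entries rather than push them to the WAF
            # An AWS WAF IP set holds one address family and rejects /0 ranges.
            if net.version == 4 and net.prefixlen > 0:
                out.add(str(net))
    return out

def plan_update(current, published, max_removed_fraction=0.5):
    """Diff the current IP set against the feed; refuse suspicious shrinkage."""
    current = {str(ipaddress.ip_network(c, strict=False)) for c in current}
    add, remove = published - current, current - published
    if not published:
        raise ValueError("feed produced no usable ranges; keeping current IP set")
    if current and len(remove) / len(current) > max_removed_fraction:
        raise ValueError("feed would remove %d of %d ranges; needs manual review"
                         % (len(remove), len(current)))
    return {"add": sorted(add), "remove": sorted(remove),
            "addresses": sorted(published), "changed": bool(add or remove)}
```

The `addresses` list is the full replacement set, which matches how the WAFv2 `UpdateIPSet` call works: it overwrites the whole address list and requires the `LockToken` returned by `GetIPSet`.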