IPs or CIDR range for SFTP upload

We’re setting up a workflow to upload basic user profile data from a table to a SaaS vendor, an SFTP destination.
Does the Okta workflow app for egress use the same IPs defined under the okta.com cell I see on our tenant?
The destination system needs to whitelist the IPs or CIDR range.

Thanks

Hi @rcortez: welcome to the forum!

Do you mean this Egress integration?

This is an Okta integration (it’s not a Workflows connector).

Maybe the Allow access to Okta IP addresses page will help?

Hi,

I’m using the workflow SFTP connector, with a username and private key I’ve created.

I’ll try the Okta IPs. Thanks

Could you share a flow screenshot? What happens when you run it?

The connector isn’t in a flow yet.

I’m on the Connections tab creating / reauthorizing which gives this error.

cannot POST /app/api/config/205368/test (504)

I suspect the admin at the SFTP destination hasn’t added the IPs I sent yesterday, tied to our Okta tenant, https://support.okta.com/help/s/article/which-are-the-corresponding-ip-ranges-for-okta-cells?language=en_US

Yes, that could be the source of the error.

Just for testing, did you try connecting to the FTP server outside of Workflows?

I haven’t tested outside of workflows, I suspect no issues since their service is used with other partners. I’ll try anyway.

Using a test flow with an HTPP Get, I am able to see in the return an IP that is on Okta’s published list of ranges under my Okta tenant.

I suspect the IP can change each time the flow runs. So on the safe side the SFTP system will need to add all ips listed under the cell for my Okta tenant?

So on the safe side the SFTP system will need to add all ips listed under the cell for my Okta tenant?

Yes, the request can be served from any of the listed IP addresses for that cell. However, it will always be one of those listed IPs.