When using the Web Security Service, you must bypass the IdP provider login URLs for authentication to succeed. 

A full bypass is recommended to maximize the performance and stability of the authentication process.

Use Cases

• CORS-related issues
• To prevent authentication looping with cloud-based IdP servers
• The source device is not compatible with redirection-based authentication
• A web application API call is not compatible with redirection-based authentication.
• The cloud-based IdP server ACL restricting access from some or all the Web Security Service IP addresses.

Exempt From Authentication

1. Navigate to Identity > Authentication Policy.
2. Expand the Global Exemptions area.
3. Click Add Auth Exemption. The portal displays the Auth: New Exemption Rule.
4. Click Add Sources
   WSS Agents and Mobile Devices are static objects; selecting them to mean the exemption applies to all connections from each of those access methods.
   
   
5. (Optional) If you need to quickly exempt a source, you can create a new entry from this wizard. For example, you need to immediately exempt a new IP address. 
   
   
   • Click IPs/Subnets.
   • Select New > IP/Subnet.
   • Enter a new address (or import a list from a text file).
   • Click Save.
   • Click Add Destinations. Select the destination elements that are exempt from authentication and click Save.
   • Click Add Rule. This creates a new Auth Exemption policy rule.
   • You can add the rule. When satisfied, click Activate.

See Exempt From Authentication for more information.

Add Domain to bypass list

1. Navigate to the Policy > Bypassed Traffic > Bypassed Domains tab.
2. Click Add. The portal displays a dialogue.
3. Enter a valid Domain.
4. (Optional) Enter a Comment.
5. (Optional) Click the + icon to add another row for another entry.
6. Click Add Bypass Domain.

See Prevent a Domain From Routing to the Web Security Service for more information.

Common IdP domain list