Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security


The location feature allows you to configure different authentication methods for different locations. A location can consist of one or more sites in a region or multiple sites across regions.

When configuring a location, you can:

  • Map a list of IP address ranges to the location
  • Map an IPsec tunnel to the location
  • Map a GRE tunnel to the location
  • Configure more than one type of mapping for the location
  • Add SAML authentication to the location
  • Configure log data residency for the location

At least one IP range, IPsec, or GRE mapping is needed to configure a location.

In the following, more information is provided about these methods, including the restrictions you need to be aware of when mapping IP address ranges to a location.

For information about how to complete steps for configuring locations, see About Configuring Locations.

Restricted Use of IP Address Ranges

When mapping a list of IP address ranges to a location, you cannot use the following:

  • Private IP address ranges

  • IP address ranges of the networks for our Points of Presence (PoPs)

    A list of IP address ranges for our PoPs is provided on a status page, see Skyhigh Security Status. On this page, select Setup > IP Addresses/Ranges to view the list.

Configuring SAML Authentication for a Location

SAML authentication is configured for a list of domains. Each configuration is named and saved. You can select and add one SAML configuration to a location. SAML authentication is applied to the web requests received from the IP address ranges or through the IPsec or GRE tunnels configured for the location.

Configuring Log Data Residency for a Location

You can specify a storage and reporting region for web access data collected when traffic originates from the IP address ranges or through the IPsec or GRE tunnels configured for the location. The location-specific log data residency setting overrides the global log data residency settings that you configure.


You need Administrator > Setup & Configuration permissions to access the options on the user interface for setting up Secure Web Gateway and configuring your locations.

  • Was this article helpful?