The location feature allows you to configure different authentication methods for different locations. A location can consist of one or more sites in a region or multiple sites across regions.
When configuring a location, you can:
- Map a list of IP address ranges to the location
- Map an IPsec tunnel to the location
- Map a GRE tunnel to the location
- Configure more than one type of mapping for the location
- Add SAML authentication to the location
- Configure log data residency for the location
At least one IP range, IPsec, or GRE mapping is needed to configure a location.
In the following, more information is provided about these methods, including the restrictions you need to be aware of when mapping IP address ranges to a location.
For information about how to complete steps for configuring locations, see About Configuring Locations.
Restricted Use of IP Address Ranges
When mapping a list of IP address ranges to a location, you cannot use the following:
Private IP address ranges
- IP address ranges of the networks for our Points of Presence (PoPs)
A list of IP address ranges for our PoPs is provided on a status page, see Skyhigh Security Status. On this page, select Setup > IP Addresses/Ranges to view the list.
Configuring SAML Authentication for a Location
SAML authentication is configured for a list of domains. Each configuration is named and saved. You can select and add one SAML configuration to a location. SAML authentication is applied to the web requests received from the IP address ranges or through the IPsec or GRE tunnels configured for the location.
Configuring Log Data Residency for a Location
You can specify a storage and reporting region for web access data collected when traffic originates from the IP address ranges or through the IPsec or GRE tunnels configured for the location. The location-specific log data residency setting overrides the global log data residency settings that you configure.
You need Administrator > Setup & Configuration permissions to access the options on the user interface for setting up Secure Web Gateway and configuring your locations.