The location feature allows you to configure different authentication methods for different locations. A location can consist of one or more sites in a region or multiple sites across regions.
When configuring a location, you can:
- Map a list of IP address ranges to the location
- Map an IPsec tunnel to the location
- Map a GRE tunnel to the location
- Configure more than one type of mapping for the location
- Add SAML authentication to the location
- Configure log data residency for the location
At least one IP range, IPsec, or GRE mapping is needed to save the location.
SAML authentication and location
SAML authentication is configured for a list of domains. Each configuration is named and saved. You can select and add one SAML configuration to a location. SAML authentication is applied to the web requests received from the IP address ranges or through the IPsec or GRE tunnels configured for the location.
Log data residency and location
You can specify a storage and reporting region for web access data collected when traffic originates from the IP address ranges or through the IPsec or GRE tunnels configured for the location. The location-specific log data residency setting overrides the global log data residency settings that you configure.
You need Administrator > Setup & Configuration permissions to access the options on the user interface for setting up Secure Web Gateway and configuring your locations.