A trusted domain configuration is required when the client application hosted domain is different than the CyberArk Identity server. It will make the cross-origin requests. You must explicitly allow these requests, otherwise you might encounter the following error in your web browser console.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://<<clientapplication>>. (Reason: CORS request did not succeed).
To avoid this CORS issue, we recommend using a custom domain so your CyberArk Identity tenant and client application are part of the same domain. Refer to Create a custom domain for CyberArk Identity for more information. If you don't use a custom domain, you can specify trusted DNS domains for API calls.
To specify a trusted DNS domain for API calls
- Sign in to the Admin Portal as a System Administrator and go to Settings > Authentication > Security Settings.
- In the API Security section under Specify trusted DNS domains for API calls, click Add.
- Enter the domain name and click Add.
Add only the domain name. Do not add any protocol (http[s]) prefix or other suffixes.
- Click Save to update the trusted domain list.
The following image provides an example.
Client applications on trusted domains can now communicate with CyberArk Identity without CORS issues.
Updated almost 2 years ago