A trusted domain configuration is required when the client application hosted domain is different than the CyberArk Identity server. It will make the cross-origin requests. You must explicitly allow these requests, otherwise you might encounter the following error in your web browser console.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://<<clientapplication>>. (Reason: CORS request did not succeed).

To avoid this CORS issue, we recommend using a custom domain so your CyberArk Identity tenant and client application are part of the same domain. Refer to Create a custom domain for CyberArk Identity for more information. If you don't use a custom domain, you can specify trusted DNS domains for API calls.

Specify trusted DNS domains for API calls

To specify a trusted DNS domain for API calls

1. Sign in to the Admin Portal as a System Administrator and go to Settings > Authentication > Security Settings.
2. In the API Security section under Specify trusted DNS domains for API calls, click Add.
3. Enter the domain name and click Add.

   Add only the domain name. Do not add any protocol (http[s]) prefix or other suffixes.

4. Click Save to update the trusted domain list.

The following image provides an example.

Client applications on trusted domains can now communicate with CyberArk Identity without CORS issues.