Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=protected-browser-settings

Settings

You can configure browser settings, such as Browser enforcement.

Browser enforcement

You can configure access to your critical SaaS applications only through Protected Browser, blocking access from other browsers. To enforce this, use an identity provider (IDP), such as Entra ID or Okta. The IDP authenticates all requests to a specified domain and then routes the traffic through a ZTNA data plane region. To enable this, create a conditional access policy in your IDP that allows the IP address of the ZTNA data plane region you want to use for authentication.

To configure browser enforcement for your applications, do as follows:

  1. Go to My Products > Protected Browser > Settings.

  2. Select an identity provider from the following options:

    • Entra ID: Entra ID authenticates all application access requests that login.microsoftonline.com receives.
    • Okta: Enter the domain that receives application access requests. Okta authenticates requests that the domain you specify receives.

  3. Under Data plane region, select the ZTNA data plane region you want to use for authentication.

  4. Click Copy IPs list to copy the IP addresses of the ZTNA dataplane region.

    You must allow these IP addresses in your IDP for every application whose access you want to enforce through Protected Browser.