Overview
When a user clicks the early access banner in Security Journey, they will authenticate as usual and then be routed into the new Security Journey experience. This transition does not require changes to your SSO/IdP configuration.
However, organizations with strict outbound network controls (deny-by-default) may need to safelist the domains used by the new Security Journey experience to ensure users can access it successfully.
Note: During the early access phase, some domains used to enter the new Security Journey experience are temporary. These domains will no longer be required once the legacy platform experience is deprecated.
What users experience
-
The user clicks the banner at the top of the My Journey page.
-
The user is redirected into the new Security Journey experience.
This is expected behavior and should feel seamless to end users.
Does the new Security Journey experience require SSO/IdP changes?
No. In most cases, customers do not need to update their identity provider (IdP) settings.
From the IdP’s perspective, the authentication flow is unchanged.
When is network safelisting required?
If your organization uses a deny-by-default outbound network policy or strict URL/domain allowlisting, you may need to safelist the domains required to access the new Security Journey experience. This ensures users can complete the redirect and successfully load the experience after signing in.
If you need to update your allowlist rules, add:
-
atlas.securityjourney.com\