We are working to get DUO integrated with JIRA and Confluence. However, the application links do not work as expected (specifically the API calls). We contacted DUO support and were provided the below recommendation which seems to work. However, i am not sure how to secure it to whitelisted ip addresses only.
Does any know know if the below rule applies to only whitelisted ip addresses ? If not, how do we whitelist the IP addresses ?
As mentioned, here are the recommendations for internal IP whitelisting:
Bypassing Duo 2FA for any API request. Our recommendation is to whitelist API calls to internal IPs only.
<init-param> <param-name>bypass.APIs</param-name> <param-value>true</param-value> </init-param>
Thanks for your help.