How do I add a custom login domain in Push?

If you use a custom domain for your identity provider, such as <mydomain>.idp.com, you should add it to the Custom login URLs list on the Settings page of the Push admin console.

By adding your custom login URL, Push will be able to accurately identify your identity provider or other important work apps such as Github when it observes employee logins, classifies the login method, and applies your configured security controls.

The custom login URL will also be referenced for certain Push controls, such as Cloned login page detection and Password protection, to accurately identify your legitimate application login pages.

Important! If you use different custom URLs to support different authentication methods in the same system, such as in your IdP or any other application — for example, <mydomain>.idp.com/saml for SAML logins and <mydomain>.idp.com/login for password logins — you can only enter a single Custom login URL in Push for a given application (e.g. Okta).

Push recommends optimizing for reliable detections by entering the more generic version of the URL, e.g. <mydomain>.idp.com.

If you notice incorrect login events for an app — for example, password logins appearing for an app that exclusively uses SAML, or duplicate login events triggered by password resets or user creation pages — you can adjust your Custom login URL to be more precise. This kind of issue can occur when the generic URL matches pages that contain password fields but are not actual login pages.

Note: If you have not added custom login URLs for your IdP, you may see it appear in the “Other apps” list in the admin console. To get it recognized as a work app, add your custom login URL.