We use an IdP (Onelogin) for SSO with Azure. Ever since we started with Azure there has been unauthorized login attempts cause user lockouts on Onelogin side. I need to whitelist the IPs on Azure side that are able to send SSO login attempts.
We want to request to go to SSO but only if it meets the IP whitelisting first.
Azure/Onelogin uses WS-Trust for Authentication.
I checked with Onelogin, they don't offer anything that would prevent an authentication attempt based on IP for a WS-Trust auth from Azure.