Security

Allowed redirect URIs

To ensure that the redirect-uri parameter only allows open redirects to known destinations, a domain allowlist can be configured per template, or globally in the Domain Manager page within the Persona Dashboard.

Once you add one or more domains, the Inquiry flow will disallow redirects to destinations not matching those domains.

When specifying domains, only provide the domain. Do not provide a URI scheme (e.g. https://).