Hi ThatSecurityDude,
We appreciate your inquiry. I recommend checking out the following article: IP Whitelist/Blacklist or Allowlist/Denylist on the ForgeRock Identity Cloud. The article illustrates a whitelist implementation, which can be a suitable way to permit traffic exclusively to or from specific subdomains.
If you require further assistance in implementing IP address restrictions for specific subdomains from your data center, I would advise opening a support ticket. Our IDC experts will provide you with more customized guidance to address your specific needs, potentially using Identity Gateway.
Thank you,
Sheila