This article describes a method to "white-list" IP addresses without the users needing to authenticate by either SSO or ULA.
Create an Address Object under Network | Address Objects, containing the IP addresses to be white-listed.
If using Access Rules for user authentication then add an additional rule with the Source as the newly created Address Object and Users Allowed set to All.
If you also want the IP addresses to bypass SSO then select that Address Object with "Bypass the Single Sign On process for traffic from" on the Enforcement tab of the SSO configuration. Note that users at these IP addresses will then get the default CFS policy applied and will not be included in IPS policies, App Rules etc. that include particular users.