I believe that I had just discussed this with your colleague in a ticket.
Unfortunately it is not possible to disable protection on a single page in your version. This is possible from v10 hotfix 03 where we had created workaround as is described in following article:
However exempting pages from protection is not exactly great approach either. I am not sure about your SSO setup, but best approach would be to avoid posting to any page that inherits from CMSPage and handle the post via some service, or other custom code as pages themselves should not receive posts from other sites, rather they should serve as a presentation context and let handlers and services work with integrations.