This article is for:
- IT Groups and Administrators
If you experience issues accessing Workiva or receiving emails, you may want to check to make sure you have certain domains on your allowlist, also known as whitelist, at your organization. If you’re an IT admin, you can use the information below to allow domains and emails for your network.
Workiva is accessed through a secure HTTPS connection using TLS version 1.2. The URL is https://app.wdesk.com and https://eu.wdesk.com and https://apac.wdesk.com. It is built upon Google App Engine as the PaaS (Platform as a Service) and utilizes Amazon Web Services for IaaS (Infrastructure as a Service).
Note: Workiva uses HTTPS (TLS over port 443) for all communications to the platform.
Network policy options
Workiva works with Domain Name System (DNS) whitelisting using the URLs listed below. There are primarily two domains, app.wdesk.com and webfilings.com. If you whitelist *.*.wdesk.com and *.webfilings.com this will allow the application to access through your firewalls.
As an alternative SHA-2 certificates on our servers are current for wdesk.com and .webfilings.com domains.
Host and email details
The following table includes both US and EU whitelisting. If your organization uses US (app.wdesk.com), EU may be ignored. If your organization uses EU (eu.wdesk.com), US may be ignored.
|Main subdomain for common Workiva services|
|*.wdesk.com||Main domain for production application|
|*.*.wdesk.com||Subdomains for supporting components|
|Taxonomy service (XBRL)|
|*.webfilings.com||Old corporate domain|
|ajax.googleapis.com||Google CDN for hosted libraries|
|*.googleanalytics.com||Google Analytics - Anonymous metric tracking for application improvements|
|*.wistia.com, fast.wistia.net||Video hosting for help content|
|WebSocket/XHR for Spreadsheets/Database|
|New Relic application performance monitoring|
|cdn-prod.wdesk.com||Workiva content delivery network|
|*.wdeskusercontent.com||Used for hosting user-uploaded content and files to provide improved customer security|
|Chat support agent profile pictures|
|*.zopim.com||Chat client websocket connection|
|id.zopim.com||Login and Authentication for chat client|
|workiva.zendesk.com||Help article sourcing|
|Learning Management System (LMS)|
|auth.workiva.com||Authentication portal for signing in to Support Center and Learning Hub|
|id.zopim.com||Login and authentication for chat client|
Email and IP list
|Workiva notification email and dedicated IP
|EU Workiva notification email and dedicated IP
|APAC Wdesk notification email and dedicated IP addresses|
Outbound IP list for Wdata Chains
|184.108.40.206||US production application|
|220.127.116.11||EU production application|
|18.104.22.168||APAC production application|
Learning Hub IP
|22.214.171.124||Learning Hub courses and training|
If you need assistance with domain and email whitelisting, you can reach out to email@example.com.
Can I choose to allow specific IPs?
Choosing to allow on specific IPs for Workiva will not work. The IP addresses used are too dynamic to provide optimum scalability. Workiva can enforce your IP whitelisting for your internal network as a security setting. Workiva does provide a unique environment through our pointers and indexing to ensure your data is only accessible by you.
Workivas utilizes a public deployment model. A public deployment model defined by NIST is "the cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider."