This article is for:
- IT Groups and Administrators
Allow hosts
If you experience issues accessing Workiva or receiving emails, you may want to check to make sure you have certain domains on your allowlist at your organization. If you’re an IT admin, you can use the information below to allow domains and emails for your network.
Workiva is accessed through a secure HTTPS connection using TLS version 1.3. The URL is https://app.wdesk.com and https://eu.wdesk.com and https://apac.wdesk.com. It utilizes Amazon Web Services for IaaS (Infrastructure as a Service).
Note: Workiva uses HTTPS (TLS over port 443) for all communications to the platform.
Network policy options
Workiva works with Domain Name System (DNS) allowlisting using the URLs listed below. There are primarily two domains, app.wdesk.com and webfilings.com. If you allowlist *.*.wdesk.com and *.webfilings.com this will allow the application to access through your firewalls.
As an alternative SHA-2 certificates on our servers are current for .wdesk.com and .webfilings.com domains.
Host and email details
The following table includes both US and EU allowlisting. If your organization uses US (app.wdesk.com), EU may be ignored. If your organization uses EU (eu.wdesk.com), US may be ignored.
Domains Required for Proper Platform Functionality
| Domain | Purpose |
| h.app.wdesk.com h.eu.wdesk.com h.apac.wdesk.com |
Main subdomain for common Workiva services |
| *.wdesk.com | Main domain for production application |
| *.*.wdesk.com | Subdomains for supporting components |
| taxonomy-dot-webfilings-hrd.appspot.com taxonomy-dot-webfilings.appspot.com taxonomy-dot-webfilings-eu.appspot.com |
Taxonomy service (XBRL) |
| *.workiva.com | Corporate domain |
| *.webfilings.com | Old corporate domain |
| ajax.googleapis.com | Google CDN for hosted libraries |
| fpdownload.adobe.com | Font downloads |
| *.googleanalytics.com | Google Analytics - Anonymous metric tracking for application improvements |
| *.wistia.com, fast.wistia.net | Video hosting for help content |
| h.app.wdesk.com/s/messaging-frontend/ h.eu.wdesk.com/s/messaging-frontend/ h.apac.wdesk.com/s/messaging-frontend/ |
WebSocket/XHR for Spreadsheets/Database |
| gov-bam.nr-data.net js-agent.newrelic.com |
New Relic application performance monitoring |
| cdn-prod.wdesk.com | Workiva content delivery network |
| *.wdeskusercontent.com | Used for hosting user-uploaded content and files to provide improved customer security |
| v2assets.zopim.io static.zdassets.com |
Chat support agent profile pictures |
| *.zopim.com | Chat client websocket connection |
| id.zopim.com | Login and Authentication for chat client |
| v2assets.zopim.io static.zdassets.com |
Chat Support Agent profile pictures |
| workiva.zendesk.com | Help article sourcing |
| training.workiva.com api.rollbar.com cloud.scorm.com app.box.com *.skilljar.com *.sj-cdn.net *.everpath-course-content.s3-accelerate.amazonaws.com |
Learning Management System (LMS) |
| auth.workiva.com | Authentication portal for signing in to Support Center and Learning Hub |
| id.zopim.com | Login and authentication for chat client |
| accounting.workiva.com | Workiva Accounting team to send/receive payment documentation |
| events.workiva.com | Workiva Amplify Event domain |
| operations.workiva.com |
Workiva operational domain that may include customer project documentation |
| survey.workiva.com | Customer satisfaction surveys |
| www.pendo.com api.feedback.us.pendo.io api.feedback.eu.pendo.io |
An in-app guide to help customers navigate through their user experience |
| https://appsforoffice.microsoft.com/* https://go.microsoft.com/fwlink/?LinkId=276812 http://schemas.microsoft.com/office/taskpaneappversionoverrides http://schemas.microsoft.com/office/officeappbasictypes/1.0 http://schemas.microsoft.com/office/appforoffice/1.1 |
Workiva Sync for non-GCCH customers |
|
https://appsforoffice.gcch.cdn.office.net |
Workiva Sync for GCCH customers |
|
https://appsforoffice.dod.cdn.office.net |
Workiva Sync for DOD customers |
| *.jwpcdn.com *.jwplayer.com *.jwplatform.com *.jwpsrv.com *.jwpltx.com jwpsrv-vh.akamaihd.net |
CDN domains utilized by JWPlayer for displaying media within Skilljar content (as outlined in Configuring Firewall Whitelisting and Content Security Policy on the Skilljar site). |
Please ensure all domains are allowed to egress without MITM proxy.
Email and IP list
| IP | Purpose |
| notifications@workiva.com 54.240.45.95 54.240.45.96 54.240.45.97 54.240.45.98 54.240.45.99 |
Workiva notification email and dedicated IP addresses |
| notifications@workiva.com 69.169.230.102 69.169.230.103 69.169.230.104 69.169.230.105 69.169.230.106 |
EU Workiva notification email and dedicated IP addresses |
| notifications@workiva.com 76.223.182.50 76.223.182.51 76.223.182.52 76.223.182.53 76.223.182.54 |
APAC Wdesk notification email and dedicated IP addresses |
IP list for Wdata Chains
If you're using Wdata chains with a CloudRunner and your network requires an allowlist of inbound IPs, add one of the following:
| IP | Purpose |
| 34.199.100.193 | US production application |
| 54.76.117.194 | EU production application |
| 52.69.47.164 | APAC production application |
IP list for Workiva Scripting
| IP | Purpose |
| 3.222.223.56 | US production application |
| 54.74.82.80 | EU production application |
| 52.197.33.96 | APAC production application |
Learning Hub IP
| IP | Purpose |
| 54.153.47.43 | Learning Hub courses and training |
IP list for Workiva Support Users
To ensure that Workiva's support personnel are available to you at all times, include the following Workiva IP addresses in your IP addresses configuration. Adding these IPs also ensures that our Wdesk support services will continue to be available to you in the event of natural disasters or utility outages.
| Workiva Purpose | Range Start | Range End |
| Allowlist VPN - US | 52.23.136.245 | 52.23.136.245 |
| Allowlist VPN - EMEA | 34.243.220.178 | 34.243.220.178 |
| Allowlist VPN - APAC | 52.68.124.100 | 52.68.124.100 |
If you need assistance with domain and email allowlisting, you can reach out to Workiva Support.
Common questions
Can I choose to allow specific IPs?
Choosing to allow on specific IPs for Workiva will not work. The IP addresses used are too dynamic to provide optimum scalability. Workiva can enforce your IP allowlisting for your internal network as a security setting. Workiva does provide a unique environment through our pointers and indexing to ensure your data is only accessible by you.
Workivas utilizes a public deployment model. A public deployment model defined by NIST is "the cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider."