This article is for:
- IT Groups and Administrators
If you experience issues accessing Workiva or receiving emails, you may want to check to make sure you have certain domains on your allowlist, also known as whitelist, at your organization. If you’re an IT admin, you can use the information below to allow domains and emails for your network.
Workiva is accessed through a secure HTTPS connection using TLS version 1.3. The URL is https://app.wdesk.com and https://eu.wdesk.com and https://apac.wdesk.com. It is built upon Google App Engine as the PaaS (Platform as a Service) and utilizes Amazon Web Services for IaaS (Infrastructure as a Service).
Note: Workiva uses HTTPS (TLS over port 443) for all communications to the platform.
Network policy options
Workiva works with Domain Name System (DNS) whitelisting using the URLs listed below. There are primarily two domains, app.wdesk.com and webfilings.com. If you whitelist *.*.wdesk.com and *.webfilings.com this will allow the application to access through your firewalls.
As an alternative SHA-2 certificates on our servers are current for wdesk.com and .webfilings.com domains.
Host and email details
The following table includes both US and EU whitelisting. If your organization uses US (app.wdesk.com), EU may be ignored. If your organization uses EU (eu.wdesk.com), US may be ignored.
Domains Required for Proper Platform Functionality
|Main subdomain for common Workiva services|
|*.wdesk.com||Main domain for production application|
|*.*.wdesk.com||Subdomains for supporting components|
|Taxonomy service (XBRL)|
|*.webfilings.com||Old corporate domain|
|ajax.googleapis.com||Google CDN for hosted libraries|
|*.googleanalytics.com||Google Analytics - Anonymous metric tracking for application improvements|
|*.wistia.com, fast.wistia.net||Video hosting for help content|
|WebSocket/XHR for Spreadsheets/Database|
|(Old) WebSocket / XHR for Spreadsheets and Database|
|New Relic application performance monitoring|
|cdn-prod.wdesk.com||Workiva content delivery network|
|*.wdeskusercontent.com||Used for hosting user-uploaded content and files to provide improved customer security|
|Chat support agent profile pictures|
|*.zopim.com||Chat client websocket connection|
|id.zopim.com||Login and Authentication for chat client|
|Chat Support Agent profile pictures|
|workiva.zendesk.com||Help article sourcing|
|Learning Management System (LMS)|
|auth.workiva.com||Authentication portal for signing in to Support Center and Learning Hub|
|id.zopim.com||Login and authentication for chat client|
|accounting.workiva.com||Workiva Accounting team to send/receive payment documentation|
|events.workiva.com||Workiva Amplify Event domain|
Workiva operational domain that may include customer project documentation
Customer satisfaction surveys
An in-app guide to help customers navigate through their user experience
Please ensure all domains are allowed to egress without MITM proxy.
Email and IP list
|Workiva notification email and dedicated IP
|EU Workiva notification email and dedicated IP
|APAC Wdesk notification email and dedicated IP addresses|
IP list for Wdata Chains
If you're using Wdata chains with a CloudRunner and your network requires a whitelist of inbound IPs, add one of the following:
|220.127.116.11||US production application|
|18.104.22.168||EU production application|
|22.214.171.124||APAC production application|
Learning Hub IP
|126.96.36.199||Learning Hub courses and training|
If you need assistance with domain and email whitelisting, you can reach out to email@example.com.
Can I choose to allow specific IPs?
Choosing to allow on specific IPs for Workiva will not work. The IP addresses used are too dynamic to provide optimum scalability. Workiva can enforce your IP whitelisting for your internal network as a security setting. Workiva does provide a unique environment through our pointers and indexing to ensure your data is only accessible by you.
Workivas utilizes a public deployment model. A public deployment model defined by NIST is "the cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider."