This article is for:
- IT Groups and Administrators
Host Whitelisting
If you experience issues accessing Wdesk or receiving emails, you may want to check to make sure you have certain domains whitelisted at your organization. If you’re an IT admin, you can use the information below to whitelist domains and emails for your network.
Wdesk is accessed through a secure HTTPS connection using TLS version 1.2. The Wdesk URL is https://app.wdesk.com or https://eu.wdesk.com. It is built upon Google App Engine as the PaaS (Platform as a Service) and utilizes Amazon Web Services for IaaS (Infrastructure as a Service).
Note: Workiva uses HTTPS (TLS over port 443) for all communications to the platform.
Network Policy Options
Wdesk works with Domain Name System (DNS) whitelisting using the URLs listed below. There are primarily two domains, app.wdesk.com and webfilings.com. If you whitelist *.*.wdesk.com and *.webfilings.com this will allow the application to access through your firewalls.
As an alternative SHA-2 certificates on our servers are current for wdesk.com and .webfilings.com domains.
Host and Email Details
The following table includes both US and EU whitelisting. If your organization uses US (app.wdesk.com), EU whitelisting may be ignored. If your organization uses EU (eu.wdesk.com), US whitelisting may be ignored.
Domain Whitelist
| Domain | Purpose |
| h.app.wdesk.com h.eu.wdesk.com |
Main subdomain for common Wdesk services |
| *.wdesk.com | Main domain for production application |
| *.*.wdesk.com | Subdomains for supporting components |
| taxonomy-dot-webfilings-hrd.appspot.com | Taxonomy service (XBRL) |
| *.workiva.com | Corporate domain |
| *.webfilings.com | Old corporate domain |
| ajax.googleapis.com | Google CDN for hosted libraries |
| fpdownload.adobe.com | Font downloads |
| *.googleanalytics.com | Google Analytics - Anonymous metric tracking for application improvements |
| *.wistia.com, fast.wistia.net | Video hosting for help content |
| h.app.wdesk.com/s/messaging-frontend/ h.eu.wdesk.com/s/messaging-frontend/ |
WebSocket/XHR for Spreadsheets/Database |
| messaging.app.wdesk.com | (old) WebSocket/XHR for Spreadsheets/ Database |
| bam.nr-data.net js-agent.newrelic.com |
New Relic application performance monitoring |
| cdn-prod.wdesk.com | Wdesk Content Delivery Network |
| *.wdeskusercontent.com | Used for hosting user-uploaded content and files to provide improved customer security |
Email and IP Whitelist
| IP | Purpose |
| notifications@app.wdesk.com 54.240.45.95 54.240.45.96 54.240.45.97 54.240.45.98 54.240.45.99 |
Wdesk notification email and dedicated IP addresses |
| notifications@eu.wdesk.com 69.169.230.102 69.169.230.103 69.169.230.104 69.169.230.105 69.169.230.106 |
EU Wdesk notification email and dedicated IP addresses |
Outbound IP Whitelist for Wdata Chains
If using Wdata chains with commands that use a CloudRunner and your network requires a whitelist of outbound domains:
| IP | Purpose |
| 34.199.100.193 | US production application |
| 54.76.117.194 | EU production application |
If you need assistance with domain and email whitelisting, you can reach out to support@workiva.com.
Can I Use IP Whitelisting?
Whitelisting specific IPs for Wdesk will not work. The IP addresses used for Wdesk are too dynamic to provide optimum scalability. Wdesk can enforce your IP whitelisting for your internal network as a security setting. Wdesk does provide a unique environment through our pointers and indexing to ensure your data is only accessible by you.
Wdesk utilizes a public deployment model. A public deployment model defined by NIST is "the cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider."