Allowlisting Celonis domain names, IP addresses and third-party domains
Important
Celonis does not recommend using IP allowlisting for traffic flowing into Celonis as the destination since it requires additional maintenance and can result in an interruption to service when IPs are added or modified if the allowlist has not been updated. IPs are subject to change with a two-week notice period. To check the status of Celonis services, go to https://status.celonis.com/.
Celonis instead recommends allowlisting fully qualified domain names (FQDNs) instead of IP addresses for traffic flowing into Celonis as the destination if your firewall allows filtering rules such as "teamname"."realm".celonis.cloud.
If you cannot use Fully Qualified Domain Name (FQDN) allow lists in your firewall, use an IP allowlist to provide access to the Celonis IP addresses listed below. Your system administrator might need to add all global and realm-specific Celonis IP addresses to your corporate allowlist.
Note
For users utilizing a BICC connector, an IP address change also requires updating the fingerprint for the service account or else the extractions will fail until this fingerprint update is completed.
See third-party domains below if you are restricting access to the specific domains that your user’s web browsers can access. Those domains should be added to your domain filter in addition to your Celonis Team domain name.
Celonis IPs as destination
If you need to allowlist Celonis Platform IP addresses instead of FQDNs for sending data towards Celonis Platform (such as when using Celonis Uplink Extractors on your premises or sending source system extracted data via Data Push API), add all of the IP addresses below in your firewall:
Note
If your firewall is IPv6 enabled, include the IP addresses below that contain colons (:).
162.159.140.65 172.66.0.65 2606:4700:7::41 2a06:98c1:58::41 172.65.64.56 172.65.64.57 2606:4700:78::4 2606:4700:78::5
Celonis IPs as origin
Note
The Celonis IPs as origin for the eu-2, eu-3, jp-1, uk-1 and us-2 regions are undergoing changes. If your systems rely on IP allowlists, please review and update your Celonis IPs as origin accordingly.
For more details, see Planned Releases.
If you need to access your own services (such as web services or mail servers) on your own premises or on a SaaS provider tenant (such as Salesforce or Snowflake), you can specify IP addresses based on the realm where your Celonis team resides:
Realm | Celonis Platform IPs as origin |
|---|---|
eu-1 | 18.184.169.225 18.184.23.70 35.156.1.191 |
eu-2 | 13.73.158.49 13.80.109.60 168.63.109.207 |
eu-3 | 20.218.91.128 20.218.105.182 20.79.237.0/30 |
eu-4 | 18.193.182.112 18.193.93.30 18.196.83.72 |
eu-5 | 3.66.63.163 3.66.64.244 35.156.166.165 |
uk-1 | No static IP |
us-1 | 35.173.85.93 52.2.234.158 52.201.190.146 |
us-2 | 20.187.3.129 52.183.80.180 40.65.121.189 |
us-3 | 3.234.197.42 52.206.79.170 3.232.245.238 3.223.178.232 52.73.17.255 34.231.61.123 |
jp-1 | 52.243.46.143 |
br-1 | 18.231.199.106 54.232.123.222 54.94.155.76 |
au-1 | No static IP |
in-1 | No static IP |
ch-1 | No static IP |
Third-party domains
Celonis Platform takes advantage of a number of third-party services. The domains for these third-party services may need to be added to your allowlist by your IT admin.
Third party domain | Comment | Can be deactivated if required |
|---|---|---|
static.celonis.cloud | This domain is used to serve static assets such as JavaScript files, images, logos, etc. | No |
id.celonis.cloud | This domain is required when users access the Celonis Platform using Single Sign On via Celonis ID. | No |
res.cloudinary.com | This domain is required for delivering image and video content as part of the AppCues integration. | Yes |
fast.appcues.com | This domain is required for targeted notification banners to inform users about new features, maintenance windows, and other time sensitive information. | Yes |
api.appcues.net | This domain is required for targeted notification banners to inform users about new features, maintenance windows, and other time sensitive information. | Yes |
fonts.googleapis.com | This domain is required for delivering fonts as part of the AppCues integration. | Yes |
fonts.gstatic.com | This domain is required for delivering fonts as part of the AppCues integration. | Yes |
rum.browser-intake-datadoghq.com | This domain is required for monitoring application performance from a customer perspective. | No |
api.userlane.com | This is a content delivery network used for Training and Academy Celonis Platform environments only. | Yes |
cdn.userlane.com | This is a content delivery network used for Training and Academy Celonis Platform environments only. | Yes |
imgcdn.userlane.com | This is a content delivery network used for Training and Academy Celonis Platform environments only. | Yes |
auth.userlane.com | This is a content delivery network used for Training and Academy Celonis Platform environments only. | Yes |