Skip to main content

Celonis Product Documentation

Allowlisting Celonis IP addresses and third party domains

An IP allowlist is used to provide access to selected IP addresses that your network server policy could typically block. To use some EMS functionalities, you might need your system administrator to add EMS IP addresses to your corporate allowlist. Similarly, for any incoming traffic to EMS, some third party (external) IP addresses or URLs might require allowlisting.

Important

Celonis IP addresses will be changing soon. If you are using IP allow lists for Celonis IP addresses in your firewall or SaaS provider, please add the new global IP addresses below in addition to avoid Celonis EMS service disruptions. Please keep the existing IP addresses in your allow list until our transition to the new IP addresses is complete.

Note

We recommend allowlisting IP addresses using the hostname, for examples "teamname"."realm". If that is not possible, you should allowlist the IP addresses of respective clusters in your firewall configuration to connect the on-premise extractor server and the cloud endpoint. Remember that for some clusters, there might be multiple IP addresses that you must enable.

Here's the list of Celonis EMS clusters with their IP addresses.

Cluster

EMS IPs as destination [1]

EMS IPs as origin [2]

global

162.159.140.65

172.66.0.65

2606:4700:7::41

2a06:98c1:58::41

172.65.64.56

172.65.64.57

2606:4700:78::4

2606:4700:78::5

see cluster specific IP addresses below

eu-1

18.184.97.187

18.197.224.124

52.58.147.34

18.184.169.225

18.184.23.70

35.156.1.191

eu-2

13.80.109.60

13.73.158.49

eu-3

51.116.175.215

51.116.239.165

51.116.175.215

20.52.130.129

eu-4

18.158.219.136

3.126.213.135

18.193.90.201

18.193.182.112

18.193.93.30

18.196.83.72

eu-5

No static IP

Use the hostname, i.e. teamname.eu-5.celonis.cloud"

3.66.63.163

3.66.64.244

35.156.166.165

uk-1

No static IP

Use the hostname, i.e. teamname.uk-1.celonis.cloud"

No static IP

us-1

18.213.10.214

18.210.138.205

18.212.45.36

35.173.85.93

52.2.234.158

52.201.190.146

us-2

52.183.80.180

20.187.3.129

52.183.80.180

40.65.121.189

us-3

No static IP

Use the hostname, i.e. teamname.us-3.celonis.cloud"

3.234.197.42

52.206.79.170

3.232.245.238

3.223.178.232

52.73.17.255

34.231.61.123

jp-1

13.73.16.140

52.243.46.143

au-1

No static IP

Use the hostname, i.e. teamname.au-1.celonis.cloud"

No static IP

[1] These IP addresses can be used when configuring firewalls on systems that connect to EMS, such as on-prem extractor servers.

[2] These IP addresses should be used when configuring firewalls on systems which EMS connects to, e.g. cloud-based source systems, such as Salesforce or Snowflake or custom SMTP servers.

Third party domains

Celonis EMS takes advantage of a number of third party services. The domains for these third party services may need to be added to your allowlist by your IT admin.

Third party domain

Comment

Can be deactivated if required

static.celonis.cloud

This domain is used to serve static assets such as javascript files, images, logos, etc.

No

id.celonis.cloud

This domain is required when users access the EMS using Single Sign On via Celonis ID.

No

res.cloudinary.com

This domain is required for delivering image & video content as part of the AppCues integration.

Yes

fast.appcues.com

This domain is required for targeted notification banners to inform users about new features, maintenance windows, and other time sensitive information.

Yes

api.appcues.net

This domain is required for targeted notification banners to inform users about new features, maintenance windows, and other time sensitive information.

Yes

fonts.googleapis.com

This domain is required for delivering fonts as part of the AppCues integration.

Yes

fonts.gstatic.com

This domain is required for delivering fonts as part of the AppCues integration.

Yes

rum.browser-intake-datadoghq.com

This domain is required for monitoring application performance from a customer perspective.

No

api.userlane.com

This is a content delivery network used for Training and Academy EMS environments only.

Yes

cdn.userlane.com

This is a content delivery network used for Training and Academy EMS environments only.

Yes

imgcdn.userlane.com

This is a content delivery network used for Training and Academy EMS environments only.

Yes

auth.userlane.com

This is a content delivery network used for Training and Academy EMS environments only.

Yes