Skip to main content

Allowlisting Celonis domain names, IP addresses, and third-party domains

This page provides information on adding IPs addresses and domains to your firewall allowlisting for the Celonis Platform, which are required to connect to and from your data sources. Review all items in Before you start previous to making changes to your firewall allowlisting.

Before you start

This section includes important information related to configuring allowlisting for Celonis IPs addresses and domains. Review all items before making changes to your firewall allowlist.

  • Celonis does not recommend using IP allowlisting for Celonis IPs as destination Instead, if your firewall allows filtering rules, Celonis recommends allowlisting fully qualified domain names (FQDNs), such as <teamname>.<realm>.celonis.cloud.

    Note

    FQDNs are preferred over IP addresses in allowlists because they support dynamic resolution, enabling load balancing, failover, and cloud infrastructure changes without manual updates.

  • IP addresses used for Celonis IPs as origin are subject to change with a two-week notice. These notices are posted in the Celonis Platform release notes.

    Important

    If you rely on IP allowlisting, this may require ongoing maintenance and can lead to service interruptions if the allowlist is not updated when IPs change. Additionally, system administrators may need to add both global and realm-specific Celonis IPs to your organization's allowlist.

  • If you restrict access to specific domains that users' web browsers can access, you may also need to allowlist specific third-party domains used by Celonis, additional to your Celonis Team FQDN. For more information, see the third-party domains .

    Important

    If you do not add these domains, some Celonis Platform will not be available.

  • If you are using a BICC connector, any IP address changes require you to update the fingerprint for the service account.

    Important

    If the fingerprint is not updated when IP address changes occur, data extractions will fail until the fingerprint is updated.

  • To check the status of Celonis services, go to https://status.celonis.com/.

Celonis IPs as destination

If you need to allowlist Celonis Platform IP addresses, instead of using FQDNs, for sending data to Celonis Platform (such as when using Celonis Uplink Extractors or sending extracted data via Data Push API), add the IP addresses below to your firewall allowlist, based on your IP protocol stack:

Important

If you are using a dual-stack configuration, add both the IPv4 and IPv6 address lists to your firewall allowlist to avoid connectivity issues when DNS resolves to either protocol.

Celonis IPv4 destination addresses

  • Comma-separated:

    162.159.140.65,172.66.0.65,172.65.64.56,172.65.64.57

  • New-line separated:

    162.159.140.65
172.66.0.65
172.65.64.56
172.65.64.57

Celonis IPv6 destination addresses

  • Comma-separated:

    2606:4700:7::41,2a06:98c1:58::41,2606:4700:78::4,2606:4700:78::5

  • Newline-separated :

    2606:4700:7::41
2a06:98c1:58::41
2606:4700:78::4
2606:4700:78::5

Celonis IPs as origin

If you need to access your own services—such as web services or mail servers—hosted either on-premises or in a SaaS environment (like Salesforce or Snowflake), you can allowlist IP addresses based on the realm where your Celonis team resides. Your realm can be found in the URL of your Celonis Team instance, <teamname>.<realm>.celonis.cloud.

Note

The Celonis IPs as origin for the eu-2, eu-3, jp-1, uk-1, and us-2 realms have been updated. Review and update your allowlist accordingly, ensuring the new IP addresses are added. For more details, see the April 2025 Release Notes and May 2025 Release Notes.

Realm

Celonis Platform IPs as origin

eu-1

  • Comma-separated:

    18.184.169.225,18.184.23.70,35.156.1.191

  • Newline-separated:

    18.184.169.225
18.184.23.70
35.156.1.191

eu-2

  • Comma-separated:

    13.73.158.49,13.80.109.60,168.63.109.207,20.31.2.184,20.31.2.185,20.31.2.186

  • Newline-separated:

    13.73.158.49
13.80.109.60
168.63.109.207
20.31.2.184
20.31.2.185
20.31.2.186

eu-3

  • Comma-separated:

    20.218.91.128,20.218.105.182,20.79.237.0/30

  • Newline-separated:

    20.218.91.128
20.218.105.182
20.79.237.0/30

eu-4

  • Comma-separated:

    18.193.182.112,18.193.93.30,18.196.83.72

  • Newline-separated:

    18.193.182.112
18.193.93.30
18.196.83.72

eu-5

  • Comma-separated:

    3.66.63.163,3.66.64.244,35.156.166.165

  • Newline-separated:

    3.66.63.163
3.66.64.244
35.156.166.165

uk-1

  • Comma-separated:

    51.132.48.184,51.142.213.244,51.142.213.245,51.142.213.246

  • Newline-separated:

    51.132.48.184
51.142.213.244
51.142.213.245
51.142.213.246

us-1

  • Comma-separated:

    35.173.85.93,52.2.234.158,52.201.190.146

  • Newline-separated:

    35.173.85.93
52.2.234.158
52.201.190.146

us-2

  • Comma-separated:

    20.187.3.129,52.183.80.180,40.65.121.189,20.99.152.112,20.99.152.113,20.99.152.114

  • Newline-separated:

    20.187.3.129
52.183.80.180
40.65.121.189
20.99.152.112
20.99.152.113
20.99.152.114

us-3

  • Comma-separated:

    3.234.197.42,52.206.79.170,3.232.245.238,3.223.178.232,52.73.17.255,34.231.61.123

  • Newline-separated:

    3.234.197.42
52.206.79.170
3.232.245.238
3.223.178.232
52.73.17.255
34.231.61.123

jp-1

  • Comma-separated:

    52.243.46.143,20.44.169.64,20.44.169.65,20.44.169.66

  • Newline-separated:

    52.243.46.143
20.44.169.64
20.44.169.65
20.44.169.66

br-1

  • Comma-separated:

    18.231.199.106,54.232.123.222,54.94.155.76

  • Newline-separated:

    18.231.199.106
54.232.123.222
54.94.155.76

au-1

No static IP

in-1

No static IP

ch-1

No static IP

Third-party domains

Celonis Platform uses several third-party services. The domains for these third-party services may need to be added to your allowlist by your IT admin.

Third-party domain

Description

Can be deactivated if needed?

static.celonis.cloud

This domain is required to serve static assets such as JavaScript files, images, logos, etc.

No

id.celonis.cloud

This domain is required when users access the Celonis Platform using Single Sign On via Celonis ID.

No

rum.browser-intake-datadoghq.com

This domain is required for monitoring application performance from a customer perspective.

No

res.cloudinary.com

This domain is required for delivering image and video content as part of the AppCues integration.

Yes

fast.appcues.com

This domain is required for targeted notification banners to inform users about new features, maintenance windows, and other time sensitive information.

Yes

api.appcues.net

This domain is required for targeted notification banners to inform users about new features, maintenance windows, and other time sensitive information.

Yes

fonts.googleapis.com

This domain is required for delivering fonts as part of the AppCues integration.

Yes

fonts.gstatic.com

This domain is required for delivering fonts as part of the AppCues integration.

Yes

api.userlane.com

This is a content delivery network used for Training and Academy Celonis Platform environments only.

Yes

cdn.userlane.com

This is a content delivery network used for Training and Academy Celonis Platform environments only.

Yes

imgcdn.userlane.com

This is a content delivery network used for Training and Academy Celonis Platform environments only.

Yes

auth.userlane.com

This is a content delivery network used for Training and Academy Celonis Platform environments only.

Yes