Allowlisting Staffbase App / Intranet

Domain names that can be allowed for Staffbase app functionality

Employee App
Front Door Intranet

If your organization currently individually allows the domains below, we would recommend allowing both domains listed on each point to ensure the accessibility of all features.


If your organization uses restrictive firewall or proxy server settings, allowlisting certain domain names can be necessary to ensure your Staffbase web application works as expected.

Staffbase strongly discourages the practice of allowlisting as it can affect the overall performance of your application. We currently do not support the use of allowlisting. The information available here can be used when necessary and when being aware of the limitations that come with it.

The URLs listed here can change without prior notification. Review this page periodically to ensure the URLs listed here match those allowed in your system.

Allow these domain names for basic app functionality:

  • Web application URL, for example, myapp.staffbase.com or your custom domain
  • Service URLs (Learn more about how to determine the hosting infrastructure in the Support Portal article):
    • For applications hosted on the US American hosting infrastructure: us1.staffbasestatic.com and backend.staffbase.com
    • For applications hosted on the German hosting infrastructure: de1.staffbasestatic.com and de.staffbase.com
  • Media URLs:
    • For applications hosted on the US American hosting infrastructure:
      • media.staffbase.com
      • cdn.eyo.net (Cloudfront CDN)
      • media-us1.staffbase.com (🆕  added on September 28 2022)
      • cdn-us1.staffbase.com (Cloudflare CDN, 🆕  added on September 28 2022)
      • lambda-secure-media.staffbase.com (Secure Media)
    • For applications hosted on the German hosting infrastructure:
      • de-media.eyo.net
      • de-cdn.eyo.net (Cloudfront CDN)
      • media-de1.staffbase.com (🆕  added on September 28 2022)
      • cdn-de1.staffbase.com (Cloudflare CDN, 🆕  added on September 28 2022)
      • lambda-secure-media.eyo.net (Secure Media)

Additional Domains in case of Partial Accessibility Issues:

  • If your system can allow wildcard domains, allow: *.staffbase.com
  • If your system requires allowing each URL separately, allow the following based on your hosting infrastructure (Learn more about how to determine the hosting infrastructure in the Support Portal article):
    • US American Hosting Infrastructure
      • plugincalendar-us1.staffbase.com
      • pluginquizcalendar-us1.staffbase.com
      • plugineventregistration-us1.staffbase.com
      • pluginfiori-us1.staffbase.com
      • pluginforms-us1.staffbase.com
      • pluginintegrated-content-us1.staffbase.com
      • pluginmaps-us1.staffbase.com
      • pluginmealplan-us1.staffbase.com
      • pluginms365-us1.staffbase.com
      • pluginnetigate-us1.staffbase.com
      • pluginsaml-us1.staffbase.com
      • pluginsurveys-us1.staffbase.com
      • pluginsurveymonkey-us1.staffbase.com
      • powerautomateproxy-us1.staffbase.com
      • wittywidgetwizard-us1.staffbase.com
    • German Hosting Infrastructure
      • plugincalendar-de1.staffbase.com
      • pluginquizcalendar-de1.staffbase.com
      • plugineventregistration-de1.staffbase.com
      • pluginfiori-de1.staffbase.com
      • pluginforms-de1.staffbase.com
      • pluginintegrated-content-de1.staffbase.com
      • pluginmaps-de1.staffbase.com
      • pluginmealplan-de1.staffbase.com
      • pluginms365-de1.staffbase.com
      • pluginnetigate-de1.staffbase.com
      • pluginsaml-de1.staffbase.com
      • pluginsurveys-de1.staffbase.com
      • pluginsurveymonkey-de1.staffbase.com
      • powerautomateproxy-de1.staffbase.com
      • wittywidgetwizard-de1.staffbase.com
    • Integration Widgets
      • m365-widgets.staffbase.com (Microsoft 365 Widgets)
      • google-drive-widget.staffbase.com (Google Drive Widget)
    • Custom Integrations
      • If your application makes use of third party plugins or integrations, be sure to also include those in your list of allowed URLs

For platforms on the German hosting infrastructure, to allow for email notifications, allowlist the domain name and IP address dedicated to the Staffbase service provided by Mailjet for our mail provider:

  • Domain: mailjet.com
  • Mailserver: @bnc3.mailjet.com
  • Mailserver: @a297928.bnc3.mailjet.com
  • Mailserver: @a1869926.bnc3.mailjet.com
  • Mailserver: @a1850692.bnc3.mailjet.com 🆕  added on January 17 2024
  • IP: 87.253.236.169

Learn more about Staffbase Email domain names and IP ranges here.

Some firewalls and servers may allow based on IP addresses and not Domain names. Our system runs on cloud service providers and uses dynamic IPs to provide the app. This means that these IPs will change randomly and we do not get a running list of these addresses. Additionally, our web deployments rely upon CDNs that can use their own IP ranges. Our hosting providers also contribute additional IPs. Additional information on the CDNs as well as our hosting providers is available on our Security Page.

With our constant implementation of container architecture, there will be even more decoupled services in the future, resulting in more IP addresses and thus rendering the effort of maintaining such a list impracticable. To allow all the IPs that would be included in these ranges would mean needing to allow tens of thousands of CDIRs and even then it would be difficult to guarantee that those ranges would stay constant.