If your organization uses restrictive firewall or proxy server settings, allowlisting certain domain names can be necessary to ensure your Staffbase web application works as expected.
Staffbase strongly discourages the practice of allowlisting as it can affect the overall performance of your application. We currently do not support the use of allowlisting. The information available here can be used when necessary and when being aware of the limitations that come with it.
The URLs listed here can change without prior notification. Review this page periodically to ensure the URLs listed here match those allowed in your system.
Domain names to allow for your Staffbase platform
Allow these domain names for basic app functionality:
- Web application URL, for example, myapp.staffbase.com or your custom domain
- Service URLs (Learn more about how to determine the hosting infrastructure in the Support Portal article):
- For applications hosted on the US American hosting infrastructure: us1.staffbasestatic.com and backend.staffbase.com
- For applications hosted on the German hosting infrastructure: de1.staffbasestatic.com and de.staffbase.com
- For applications hosted on the Australian hosting infrastructure: au1.staffbasestatic.com and au.staffbase.com
For Staffbase Email, if your organization uses Google Workspace, your Gmail administrator needs to add the Staffbase Email sender address as an approved sender to ensure emails display correctly for your users. Learn more about Google Workspace approved senders.
Domain names to allow for App/Intranet
- Media URLs for Staffbase platform set up before March 2025:
- For applications hosted on the US American hosting infrastructure:
- media.staffbase.com
- cdn.eyo.net (Cloudfront CDN)
- media-us1.staffbase.com (🆕 added on September 28 2022)
- cdn-us1.staffbase.com (Cloudflare CDN, 🆕 added on September 28 2022)
- lambda-secure-media.staffbase.com (Secure Media)
- For applications hosted on the German hosting infrastructure:
- de-media.eyo.net
- de-cdn.eyo.net (Cloudfront CDN)
- media-de1.staffbase.com (🆕 added on September 28 2022)
- cdn-de1.staffbase.com (Cloudflare CDN, 🆕 added on September 28 2022)
- lambda-secure-media.eyo.net (Secure Media)
- For applications hosted on the US American hosting infrastructure:
For Staffbase platform set up in March 2025 or later, the only domain which needs to be allowlisted is your web app domain, for example myapp.staffbase.com or mycustomdomain.com. No additional domains are required for media usage.
Additional Domains in case of Partial Accessibility Issues:
- If your system can allow wildcard domains, allow: *.staffbase.com
- If your system requires allowing each URL separately, allow the following based on your hosting infrastructure (Learn more about how to determine the hosting infrastructure in the Support Portal article):
- US American Hosting Infrastructure
- plugincalendar-us1.staffbase.com
- pluginquizcalendar-us1.staffbase.com
- plugineventregistration-us1.staffbase.com
- pluginfiori-us1.staffbase.com
- pluginforms-us1.staffbase.com
- pluginintegrated-content-us1.staffbase.com
- pluginmaps-us1.staffbase.com
- pluginmealplan-us1.staffbase.com
- pluginms365-us1.staffbase.com
- pluginnetigate-us1.staffbase.com
- pluginsaml-us1.staffbase.com
- pluginsurveys-us1.staffbase.com
- pluginsurveymonkey-us1.staffbase.com
- powerautomateproxy-us1.staffbase.com
- wittywidgetwizard-us1.staffbase.com
- German Hosting Infrastructure
- plugincalendar-de1.staffbase.com
- pluginquizcalendar-de1.staffbase.com
- plugineventregistration-de1.staffbase.com
- pluginfiori-de1.staffbase.com
- pluginforms-de1.staffbase.com
- pluginintegrated-content-de1.staffbase.com
- pluginmaps-de1.staffbase.com
- pluginmealplan-de1.staffbase.com
- pluginms365-de1.staffbase.com
- pluginnetigate-de1.staffbase.com
- pluginsaml-de1.staffbase.com
- pluginsurveys-de1.staffbase.com
- pluginsurveymonkey-de1.staffbase.com
- powerautomateproxy-de1.staffbase.com
- wittywidgetwizard-de1.staffbase.com
- Integration Widgets
- m365-widgets.staffbase.com (Microsoft 365 Widgets)
- google-drive-widget.staffbase.com (Google Drive Widget)
- Custom Integrations
- If your application makes use of third party plugins or integrations, be sure to also include those in your list of allowed URLs
- US American Hosting Infrastructure
Mail notifications
Staffbase allows different options for sending emails and email notifications. If you are unsure which sending option you use, contact Staffbase Support or your Customer Success Manager.
The configuration differs slightly depending on your chosen sending option. However, for all sending options, you must set up
- DKIM: You’ll receive the DKIM configuration details once you begin the registration process.
- SPF: If you want to send emails from the domain
example.org, your SPF record might look like this:example.org TXT "v=sp1 include:spf.example.org ~all".
To include EU hosting IPs, you can update your SPF record as follows:example.org TXT "v=sp1 include:spf.example.org include:aws.de1.spf.staffbase.com ~all".
Learn more about Staffbase Employee Email (Classic) domain names and IP ranges here.
Mailjet
This is the default provider for the EU hosting infrastructure. To allow for email notifications, allowlist the domain name and IP address dedicated to the Staffbase service provided by Mailjet for our mail provider:
- SPF:
ip4:87.253.236.169 - Domain: mailjet.com
- Mailserver: @bnc3.mailjet.com
- Mailserver: @a297928.bnc3.mailjet.com
- Mailserver: @a1869926.bnc3.mailjet.com
- Mailserver: @a1850692.bnc3.mailjet.com - added on January 17 2024
- Mailserver: @a3002445.bnc3.mailjet.com 🆕 added on February 3 2025
- IP: 87.253.236.169
Mailgun
This is the default provider for the US and Australian hosting infrastructure.
- SPF:
include:mg.us1.spf.staffbase.comorinclude:mailgun.org
Amazon Web Services (AWS)
This service is the default if you use the Staffbase Email product as a standalone product. However, it is optional for all other Staffbase products. To allow for email notifications, extend your SPF record and allowlist the IP addresses dedicated to the Staffbase service:
EU hosting IPs:
- SPF:
include:aws.de1.spf.staffbase.com 206.55.156.123206.55.156.124206.55.156.125206.55.156.126206.55.156.127206.55.156.128206.55.156.129206.55.156.130206.55.156.131206.55.156.132
US hosting IPs:
- SPF:
include:aws.us1.spf.staffbase.com 216.221.170.75216.221.170.76216.221.170.77216.221.170.78216.221.170.250216.221.170.251216.221.171.11216.221.171.12216.221.171.14216.221.171.13
Australian hosting IPs:
- SPF:
include:aws.au1.spf.staffbase.com 76.223.131.10176.223.131.10276.223.131.10376.223.131.10476.223.131.105
You can assign a dedicated IP address pool to a Staffbase platform account. If you use a dedicated IP address pool, it must be allowlisted. To request one, contact Staffbase Support or your Customer Success Manager.
Direct SMTP connection
In case you operate your own SMTP relay service, you can connect the Staffbase platform directly to it. To configure SMTP, contact Staffbase Support or your Customer Success Manager.
SMTP is only supported with username and password authentication and requires a minimum of TLS 1.2 for secure connections.
The sending IP addresses are not guaranteed. Refer to the IP address ranges section below for details.
IP address ranges
Some firewalls and servers may allow based on IP addresses and not Domain names. Our system runs on cloud service providers and uses dynamic IPs to provide the app. This means that these IPs will change randomly and we do not get a running list of these addresses. Additionally, our web deployments rely upon CDNs that can use their own IP ranges. Our hosting providers also contribute additional IPs. Additional information on the CDNs as well as our hosting providers is available on our Security Page.
With our constant implementation of container architecture, there will be even more decoupled services in the future, resulting in more IP addresses and thus rendering the effort of maintaining such a list impracticable. To allow all the IPs that would be included in these ranges would mean needing to allow tens of thousands of CDIRs and even then it would be difficult to guarantee that those ranges would stay constant.