Domain names that can be allowed for Staffbase app functionality
Employee App
Front Door Intranet
If your organization currently individually allows the domains below, we would recommend allowing both domains listed on each point to ensure the accessibility of all features.
If your organization uses restrictive firewall or proxy server settings, allowlisting certain domain names can be necessary to ensure your Staffbase web application works as expected.
Staffbase strongly discourages the practice of allowlisting as it can affect the overall performance of your application. We currently do not support the use of allowlisting. The information available here can be used when necessary and when being aware of the limitations that come with it.
The URLs listed here can change without prior notification. Review this page periodically to ensure the URLs listed here match those allowed in your system.
Domain names to allow
Allow these domain names for basic app functionality:
Web application URL, for example, myapp.staffbase.com or your custom domain
Service URLs (Learn more about how to determine the hosting infrastructure in the Support Portal article):
For applications hosted on the US American hosting infrastructure:
us1.staffbasestatic.com and backend.staffbase.com
For applications hosted on the German hosting infrastructure:
de1.staffbasestatic.com and de.staffbase.com
Media URLs:
For applications hosted on the US American hosting infrastructure:
media.staffbase.com
cdn.eyo.net (Cloudfront CDN)
media-us1.staffbase.com (🆕  added on September 28 2022)
cdn-us1.staffbase.com (Cloudflare CDN, 🆕  added on September 28 2022)
lambda-secure-media.staffbase.com (Secure Media)
For applications hosted on the German hosting infrastructure:
de-media.eyo.net
de-cdn.eyo.net (Cloudfront CDN)
media-de1.staffbase.com (🆕  added on September 28 2022)
cdn-de1.staffbase.com (Cloudflare CDN, 🆕  added on September 28 2022)
lambda-secure-media.eyo.net (Secure Media)
Additional Domains in case of Partial Accessibility Issues:
If your system can allow wildcard domains, allow: *.staffbase.com
If your system requires allowing each URL separately, allow the following based on your hosting infrastructure (Learn more about how to determine the hosting infrastructure in the Support Portal article):
If your application makes use of third party plugins or integrations, be sure to also include those in your list of allowed URLs
Mail notifications
For platforms on the German hosting infrastructure, to allow for email notifications, allowlist the domain name and IP address dedicated to the Staffbase service provided by Mailjet for our mail provider:
Domain: mailjet.com
Mailserver: @bnc3.mailjet.com
Mailserver: @a297928.bnc3.mailjet.com
Mailserver: @a1869926.bnc3.mailjet.com
Mailserver: @a1850692.bnc3.mailjet.com 🆕  added on January 17 2024
IP: 87.253.236.169
Learn more about Staffbase Email domain names and IP ranges here.
IP address ranges
Some firewalls and servers may allow based on IP addresses and not Domain names. Our system runs on cloud service providers and uses dynamic IPs to provide the app. This means that these IPs will change randomly and we do not get a running list of these addresses. Additionally, our web deployments rely upon CDNs that can use their own IP ranges. Our hosting providers also contribute additional IPs. Additional information on the CDNs as well as our hosting providers is available on our Security Page.
With our constant implementation of container architecture, there will be even more decoupled services in the future, resulting in more IP addresses and thus rendering the effort of maintaining such a list impracticable. To allow all the IPs that would be included in these ranges would mean needing to allow tens of thousands of CDIRs and even then it would be difficult to guarantee that those ranges would stay constant.