This site requires JavaScript to be enabled
External Customer KB > General > OneLogin Domains and IP addresses
OneLogin Domains and IP addresses
Article: KB0010432 Published: 04/02/2025 Last modified: 04/02/2025

This document provides the domains, ports, and IP addresses that OneLogin uses to communicate with other services.

  • Use domain allow lists for your end-user systems that access the OneLogin SSO portal and other user interfaces.
  • Use IP allow lists for on-premises agents, like Active Directory connectors, LDAP connectors, and proxy agents, as well as for apps provisioned by OneLogin.

Note: We do not support access from anonymous IP addresses.

Table of Contents

 

 

Domains

your-domain.onelogin.com

cdn.onelogin.com

portal-cdn.onelogin.com

web-login-v2-cdn.onelogin.com

North America Domains

your-domain.admin.us.onelogin.com

your-domain.login.us.onelogin.com

admin.us.onelogin.com

dsl.us.onelogin.com

api.us.onelogin.com (v1 and v2 API)

api.onelogin.com (legacy v.1-v.3 API)

smux.us.onelogin.com

certs.us.onelogin.com

radius.us.onelogin.com

radius2.us.onelogin.com

ldap.us.onelogin.com

pki-us.onelogin.com

desktop-us.onelogin.com

Backward-Compatible North America Domains

app.onelogin.com

certs.onelogin.com

Europe Domains

your-domain.admin.eu.onelogin.com

your-domain.login.eu.onelogin.com

admin.eu.onelogin.com

api.eu.onelogin.com (v1 and v2 API)

api-eu.onelogin.com (legacy v.1-v.3 API)

smux.eu.onelogin.com

radius.eu.onelogin.com

radius2.eu.onelogin.com

ldap.eu.onelogin.com

 

 

Ports

Allow the following ports when server components or browsers contact OneLogin:

53 (TCP/UDP)

80 (TCP)

88 (TCP/UDP)

135 (TCP/UDP)

443 (TCP/UDP)

636 (TCP)

1812 (UDP)

464 (TCP/UDP)

49152-65535 (TCP)

This range is needed when using Active Directory.

 

 

IP Addresses

These are general IP allow lists that can be used in (but aren't limited to) on-premise agents or Active Directory.

OneLogin customers who connect to web-login-v2-cdn.onelogin.com will access AWS Cloudfront, which has a rotating set of IP addresses. Click here for more information.

Install Active Directory on a domain-joined Windows server and open your firewall for outbound traffic to the addresses below.

North America IP Addresses

23.183.113.12

23.183.112.12

52.34.255.194/31

52.34.255.196/30

52.34.255.200/29

52.34.255.208/28

52.34.255.224/27

18.216.23.64/26 (18.216.23.64 - 18.216.23.127)

52.24.165.42

52.15.145.203

13.52.4.72/29 (13.52.4.72 - 13.52.4.79)

23.183.112.0/24

23.183.113.0/24

Europe IP Addresses

23.183.113.14

23.183.112.14

52.29.255.192/26 (52.29.255.192 - 52.29.255.255)

52.48.63.0/26 (52.48.63.0 - 52.48.63.63)

18.130.91.64/29 (18.130.91.64 - 18.130.91.71)

23.183.112.0/24

23.183.113.0/24

Email IP Addresses

OneLogin uses two dedicated IP addresses to send email:

167.89.76.151

198.21.5.193

NAS IPs for RADIUS Servers

Configure RADIUS for authentication on your device using the following settings:

When possible, use the RADIUS server domain name rather than the IP address, as IP addresses may change.

NAS Configuration

OneLogin - US

OneLogin - EU

AAA/RADIUS Primary Server

Domain: radius.us.onelogin.com

IP: 23.183.113.15

Domain: radius.eu.onelogin.com

IP: 23.183.113.18

AAA/RADIUS Secondary Server

Domain: radius2.us.onelogin.com

IP: 23.183.112.15

Domain: radius2.eu.onelogin.com

IP: 23.183.112.18

Authentication Scheme

PAP or EAP-TTLS/PAP

RADIUS Port

UDP/1812

Secret/Key

Enter the Secret string from your OneLogin configuration.

 

 

TLS configuration

ECDHE-ECDSA-AES128-GCM-SHA256

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-ECDSA-AES256-GCM-SHA384

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-ECDSA-CHACHA20-POLY1305

ECDHE-RSA-CHACHA20-POLY1305

DHE-RSA-AES128-GCM-SHA256

DHE-RSA-AES256-GCM-SHA384

no-sslv3

no-tlsv10

no-tlsv11
Expand/Collapse Comments
:     
Was this helpful?
YesYesNoNo