This site requires JavaScript to be enabled
External Customer KB > General > OneLogin Domains and IP addresses
OneLogin Domains and IP addresses
Article: KB0010432 Published: 09/07/2022 Last modified: 09/07/2022

This document provides the domains, IP addresses, and ports that OneLogin uses to communicate with other services. 

Use domain allow lists (not IP allow lists) for your end-user systems that access the OneLogin SSO portal and other user interfaces. Use IP allow lists for on-premises agents, like Active Directory Connector, LDAP Connector, and Proxy Agents, as well as for apps provisioned by OneLogin.

North America & European domains

The domains below apply to US and EU shards.

North America domains (new /1 API) (legacy v1-v3 API)

Backward-compatible North America domains (North American & European) (North American & European) (North American & European)

Europe domains (new /1 API) (legacy v1-v3 API)


Allow the following ports when server components or browsers contact OneLogin:

80 (TCP)

443 (TCP)

1812 (UDP) 

443 (TCP)

636 (TCP)

88 (TCP/UDP)

464 (TCP/UDP)

53 (TCP/UDP)

IP addresses 

Note: These are general IP allow lists that can be used, but isn't limited to, on-premise agents or Active Directory. 

Install Active Directory on a domain-joined Windows server and open your firewall for outbound traffic to the addresses in the table below. 

North America ( - ( -
Europe ( - ( - ( -

In addition, OneLogin uses two dedicated IP addresses to send email:

Note: OneLogin customers who connect to will access AWS Cloudfront, which has a rotating set of IP addresses. For more information, click here

NAS IP Addresses for RADIUS Servers

Configure RADIUS for authentication on your device using the following settings:

When possible, use the RADIUS server domain name rather than the IP address, as IP addresses may change.

NAS configuration US OneLogin DB shard EU OneLogin DB shard
AAA/RADIUS primary server
AAA/RADIUS secondary server
Authentication scheme PAP, EAP-TTLS/PAP, EAP-PEAP/MSCHAPv2
RADIUS Port UDP/1812
Secret/key Same as the shared secret entered on the OneLogin Radius configuration page

TLS configuration












Expand/Collapse Comments
Was this helpful?