- Getting started
- Data security and compliance
- Organizations
- Authentication and security
- Licensing
- Tenants and services
- Accounts and roles
- External applications
- Testing in your organization
- AI Trust Layer
- Notifications
- Logging
- Troubleshooting
- Migrating to Automation Cloud Dedicated
Automation Cloud Dedicated admin guide
This page lists the domains (FQDNs) and outbound IP ranges (CIDRs) that must be allowed for Automation CloudTM Dedicated and associated UiPath services to function correctly in environments where network access is restricted to approved destinations. Depending on how your organization manages outbound and inbound traffic, these allow lists may be applied in your firewall or in another network security layer that governs external connectivity.
- DNS domain allowlist (FQDNs):
Apply when users, robots, or on-premises components connect to UiPath.
Examples include signing into Automation Cloud Portal, Orchestrator, or Test Manager, or accessing any UiPath interface. In these scenarios, your environment is the requester and the connectivity is controlled by DNS names. These domains must always be allow listed by FQDN (referred to in this page as domains), because their underlying infrastructure is distributed.
- Outbound IP ranges (CIDRs):
Apply when UiPath connects to your systems.
Examples include Automation Cloud Portal accessing your Azure Key Vault for Customer-Managed Keys, IXP syncing with Microsoft Exchange, Test Manager connecting to SAP, or Integration Service and Apps calling your endpoints. In these scenarios, UiPath is the requester, and your firewall sees traffic originating from UiPath outbound IP ranges. To allow traffic originating from UiPath, you must allow the corresponding CIDR blocks (referred to in this page as Outbound IP ranges).
To ensure uninterrupted access to UiPath services:
- Identify the UiPath services used in your tenant.
- For each service:
- Configure the domain allow list with all the mentioned domains.
- Configure the outbound IP ranges
where UiPath connects to your systems.
Note: When specified, use the outbound ranges that correspond to your tenant’s region.
If your tenant migrates to another region, update outbound IP ranges accordingly.
The following sections provide the required domains and outbound IP ranges that should be allowed for UiPath services.
Allow these domains used by Automation Cloud Dedicated Portal:
Domains
|
Scenario |
Domains |
|---|---|
|
Sign in with basic authentication |
|
|
Sign in with Azure Active Directory (Azure AD) |
https://aadcdn.msftauth.net
https://<customURL>.dedicated.uipath.com
https://login.microsoftonline.com |
|
Sign in with UiPath Assistant (basic email) |
*-signalr.service.signalr.netFor events related to signing in with basic authentication:
https://platform-cdn.uipath.com |
|
Sign in with UiPath Studio (basic email) |
https://api.nuget.org*-signalr.service.signalr.nethttps://gallery.uipath.comhttps://pkgs.dev.azure.comFor events related to signing in with basic authentication:
https://platform-cdn.uipath.com |
|
Static assets: Fonts, Styling and CDN hosted scripts |
Fonts: https://use.typekit.nethttps://fonts.gstatic.comhttps://platform-cdn.uipath.comImages: https://s.gravatar.comhttps://secure.gravatar.comhttps://*.wp.comhttps://*.googleusercontent.comhttps://i.ytimg.comhttps://platform-cdn.uipath.comCSS: https://fonts.googleapis.com/csshttps://use.typekit.nethttps://p.typekit.nethttps://platform-cdn.uipath.comScripts: https://primer.typekit.nethttps://use.typekit.nethttps://platform-cdn.uipath.com |
Outbound Robot connections
During the workflow execution, the Robot connects to different services to download required automation packages, check licenses, verify certificates, and more.
The following table lists the outbound connections that must be allowed:
|
Hostname |
Purpose |
|---|---|
|
|
For Automation Cloud Dedicated Orchestrator. |
|
|
To download Studio or Robot MSI installers during automatic updates. |
|
|
The Robot downloads the required activity packages. |
|
|
Azure CDN, used by Myget for distributing files |
|
|
Licensing Server. If we block this service then UiPath® is not able to check the license status and verify the data in the license folder. |
|
|
The Robot validates the root certification authority of the code signing certificate. Please notice that this happens only if the root certification authority is not already in the Windows Certificate Store. |
|
|
The Robot downloads the required activity dependencies. |
|
|
The Robot checks whether or not the code signing certificate has been revoked. |
|
|
To verify whether the Let's Encrypt certificate authority has revoked the code signing certificate. |
|
|
The Robot connects to Orchestrator's SignalR channels. |
|
|
The UiPath® Assistant sends the application errors to Sentry in order to track and solve the most usual problems. |
|
|
To enable UiPath Robots to store and retrieve data using Azure storage services. |
|
Note:
gallery.uipath.com/api/v2 redirects to
uipath.pkgs.visualstudio.com.
|
These are the URLs for the Marketplace NuGet feed |
|
|
The Robot uses these endpoints to send telemetry data. |
|
|
Used to load components for the UiPath® Assistant for Excel add-in. |
|
|
Proxy service used by the Live Streaming feature to connect between the robot and browser. |
Outbound IPs for notifications
You can configure Notification service systems to use SMTP servers from your own on-premises or cloud networks. If you want to provide additional security to your Notification service system, you can protect it with a firewall, and only allow Notification Service's outbound static IP ranges through it.
Contact the UiPath support team for the list of outbound IP ranges that you should allow behind the firewall.
Domains
The following table lists the domains used by Action Center that we recommend allowing, based on the functionality you plan to use:
|
Scenario |
Domains to Allow |
|---|---|
|
Authentication |
|
| Navigate to Action Center page |
|
| View/Assign/Un-assign/Delete an Action |
|
| Storage bucket (File upload/download) |
|
Domains
The following table lists the domains used by Automation Ops:
|
Scenario |
Domains to Allow |
|---|---|
|
Navigate to the Automation Ops page |
|
The following table lists the domains used by Data Service:
|
Scenario |
Domains to Allow |
|---|---|
|
All Data Service operations |
|
|
Fetching static frontend content |
|
|
Sending notifications to notification hub |
|
|
Collection of telemetry |
|
Domains
The following table lists the domains used by Insights:
|
Scenario |
Domains to Allow |
|---|---|
|
Navigate to the Insights page |
|
Outbound IP ranges
Limitations
Due to a limitation on Microsoft side for Log Export, you cannot set up inbound IP restriction when your Azure blob storage account and the Insights infrastructure is under the same region in Azure. For more information on this limitation, check the Restrictions for IP network rules page from the Microsoft Azure Blob Storage documentation.
Domains
The following table lists the domains used by Solutions:
|
Scenario |
Domains to Allow |
|---|---|
|
Navigate to the Solutions Management page |
|
|
Storage | *.blob.core.windows.net |
| Azure SignalR | *.service.signalr.net |
Domains
Robots send traffic to these Automation CloudTM Dedicated Orchestrator domains. We recommend that you allow these domains to ensure proper functioning of your automations, as described in the following table:
|
Module or Functionality |
Domains to Allow |
|---|---|
|
UiPath Orchestrator |
https://<customURL>.dedicated.uipath.com
https://orch-cdn.uipath.com |
|
Automation CloudTM Dedicated Robots - VM |
https://<customURL>.dedicated.uipath.com
|
|
Storage |
*.blob.core.windows.netIf using Amazon s3 buckets:
|
|
Package and library feeds (library, tenant processes, and others) |
https://pkgs.dev.azure.com |
|
Azure SignalR |
*.service.signalr.net |
|
Studio and Robot auto-update functionality |
https://download.uipath.com |
This section lists the domains used by Test Manager and the outbound IP ranges that you should consider allowing if you want to use various Test Manager capabilities.
Domains
The following table lists the domains used by Test Manager that we recommend allowing, based on the functionality you plan to use:
| Module or functionality | Domains to allow |
|---|---|
| UiPath Test Manager |
|
| Azure SignalR |
|
