×

Allow List Domains for ClickUp

/ ClickUp / By

How to Allow Required Domains for ClickUp

To make sure ClickUp works reliably in your workspace, you may need to allow specific domains in your firewall, proxy, VPN, and email security tools. This guide walks you through exactly which domains to allow and how to use them for web access, real-time connectivity, and email features.

Why You Must Allow ClickUp Domains

Modern security setups often block unknown or suspicious domains by default. When that happens, core features in your ClickUp workspace can break or behave unpredictably. By allowing the official domains described here, you help ensure that:

  • Workspaces load quickly and consistently.
  • Real-time updates, comments, and notifications stay in sync.
  • In-app and email notifications are delivered as expected.
  • Integrations and connected applications remain stable.

If your organization uses a strict allow list, provide this article or the original domain list from the ClickUp help center to your IT or security team.

Main Web Domains for ClickUp Access

Start by making sure the primary application and marketing domains for ClickUp are fully allowed in your organization. These domains must be reachable over HTTPS for users to sign in and use the platform.

Core ClickUp Application Domains

Allow these main domains in your firewall, content filter, or proxy configuration:

  • clickup.com
  • *.clickup.com

Allowing the wildcard covers subdomains used for workspace access, authentication, and dynamic content delivery.

Supporting ClickUp Services

Some supporting functionality is hosted on related domains. Ensure the following are also allowed:

  • clickup-attachments.com and *.clickup-attachments.com for file and attachment hosting.
  • clickup.help for help center resources and documentation.
  • clickupdocs.com and *.clickupdocs.com for document and knowledge base hosting.

Blocking any of these may disrupt images, attachments, or embedded documentation in your workspace.

ClickUp Real-Time and API Connectivity

Real-time collaboration and API traffic depend on additional domains and subdomains. These must be allowed to provide a stable ClickUp experience across teams.

WebSockets, APIs, and Real-Time Services

Configure your security tools to allow:

  • api.clickup.com for public API access.
  • wss.clickup.com or related WebSocket subdomains for live updates, notifications, and presence.

Your environment should allow secure WebSocket (WSS) traffic, not just standard HTTPS, so live features such as task updates and chat can sync instantly.

Third-Party and Infrastructure Domains Used by ClickUp

ClickUp uses industry-standard infrastructure, CDNs, and third-party tools to deliver content and services. The official domain list includes these providers and their respective domains, which may change over time.

For the most accurate and current information, always cross-check your configuration with the official documentation at this ClickUp domain allow list article. Your IT team should review that list regularly to ensure no required domains are blocked.

ClickUp Email Delivery and Notification Domains

To keep email-based notifications and workspace communication running smoothly, you must allow ClickUp-related email domains in your spam filters, email gateways, and allow lists.

Core ClickUp Email Sources

Make sure your email security tools allow message delivery from:

  • ClickUp notification domains and subdomains as documented in the official help article.
  • Transactional email providers used by ClickUp, such as major email delivery platforms referenced there.

If these domains are blocked or heavily throttled, users may experience delayed or missing notifications, confirmation messages, and workspace invitations.

Preventing Email Spoofing Issues

Some email security systems rely on DMARC, SPF, and DKIM checks. Your IT team should verify that:

  • Messages sent on behalf of ClickUp pass authentication checks.
  • Any custom routing or filtering rules do not quarantine legitimate workspace messages.
  • ClickUp email domains are explicitly added to allow lists or safe sender lists where needed.

Encourage users to check their spam or junk folders if they do not receive expected messages and to mark genuine ClickUp messages as safe.

Configuring Firewalls and Proxies for ClickUp

Many organizations use next-generation firewalls, secure web gateways, and proxies to control outbound and inbound traffic. To keep ClickUp accessible and secure, update your configuration with the following best practices.

Firewall Rules for ClickUp Traffic

  1. Identify all existing rules that may block unknown or uncategorized domains.
  2. Add allow rules for the primary ClickUp domains and subdomains listed in this guide and in the official documentation.
  3. Ensure outbound HTTPS (TCP 443) and any required WebSocket traffic to these domains is permitted.
  4. Apply changes to all relevant network segments used by your ClickUp users, including VPN networks.

Proxy and SSL Inspection Settings

If your environment uses SSL inspection or a proxy, configure it so that ClickUp traffic is handled without breaking encryption or blocking content unexpectedly.

  1. Review your proxy rules for clickup.com and related domains.
  2. Confirm that SSL inspection does not interfere with authentication or WebSocket connections.
  3. Consider bypassing deep inspection for ClickUp domains if it causes connectivity or performance problems.

After updates, have a user log in to ClickUp, load several spaces, open documents, and verify real-time updates to make sure everything behaves correctly.

Testing and Troubleshooting ClickUp Access

After your IT or security team updates the allow list, perform quick checks to confirm that all key features work as expected.

Basic Connectivity Checks

  • Confirm that users can sign in and navigate across spaces and tasks without errors.
  • Open attachments and embedded files to verify that external hosting domains are reachable.
  • Create or edit a document and ensure changes sync in real time for multiple users.

Notification and Email Checks

  • Trigger a task assignment or comment mention to test in-app notifications.
  • Verify that email notifications arrive promptly in users’ inboxes.
  • Check spam and quarantine folders to ensure ClickUp messages are not incorrectly filtered.

If issues persist, compare your configuration with the full, current list of required domains published on the ClickUp help center and update any missing entries.

Keeping Your ClickUp Configuration Up to Date

As ClickUp evolves, new services or infrastructure providers may be introduced. Your allow list should be reviewed on a regular basis to avoid unexpected disruptions.

  • Schedule periodic reviews of your network and email security rules.
  • Monitor release notes and help center updates from ClickUp.
  • Revisit firewall and proxy configurations whenever new features are adopted by your teams.

For strategic guidance on implementing secure, high-performing configurations for tools like ClickUp, you can also consult specialists such as Consultevo, who focus on productivity platform optimization.

By properly allowing the documented domains, you maintain a secure environment while giving your organization full access to the collaboration power of ClickUp.

Need Help With ClickUp?

If you want expert help building, automating, or scaling your ClickUp workspace, work with ConsultEvo — trusted ClickUp Solution Partners.

Get Help

“`

Verified by MonsterInsights