Copado Backends - Reserved IP Addresses

Updated 2 weeks ago by Copado Solutions

Which Copado Backend Are You Using?
Please note that the applicable IP addresses below are based on the Copado backend configured in your Copado managed package installation within your Salesforce org. If you are not sure which Copado backend you are using, please reach out to your CSM or create a support case for further assistance.

Copado's core DevOps backends utilize reserved static IP addresses to authenticate and communicate securely with Salesforce orgs and Git repositories, as well as other cloud and on-premise resources. 

CopaGCP DevOps Backend (Default, as of Oct 2021)

If you are in the North America region, add:

  • 35.243.255.155
  • 35.235.92.254

If you are in the EMEA region, add:

  • 34.107.90.223
  • 34.91.173.111

If you are in the UK region, add:

  • 34.142.127.171
  • 34.89.238.112

CopaGCP reserved static IPs support:

  • IP Whitelisting of HTTPS or SSH connections to Git repositories.
  • IP Whitelisting of HTTPS connections to other cloud/on-premise services.
  • Login IP Ranges and Network Access restrictions in Salesforce orgs.
If you haven't explicitly requested our Support team to be configured under another region such as EMEA or UK, your organization will be configured in the North America region by default.

Heroku DevOps Backend (Legacy)

If you are under the USA region, add:

  • 18.233.58.2
  • 35.174.57.133 
  • 54.88.136.216 
  • 54.84.188.199
  • 54.173.229.200
  • 54.175.230.252

If you are under the Europe region, add:

  • 34.246.18.129 
  • 34.246.45.11 
  • 52.16.121.13
  • 54.154.218.66
  • 99.80.183.117
  • 99.81.135.32

Heroku reserved static IPs support:

  • IP Whitelisting of HTTPS to Git repositories or other services (i.e., Jira).
  • Login IP Ranges and Network Access restrictions in Salesforce orgs (see the Additional Considerations section).
If you haven't explicitly requested our Support team to be under the Europe region, your organization will be located under the USA region by default.

IP Restrictions in Salesforce Orgs

If you have Login IP Ranges defined in the profiles of your Salesforce org and sandboxes, follow the instructions under Additional Considerations

To add these reserved IP addresses to the trusted IPs in your specific orgs, follow these steps:

  1. Navigate to Setup > Network Access.
  2. Click on New next to Trusted IP Ranges and add each of the following individual IP addresses, based on the Copado DevOps backend your installation is utilizing:
Please note that each of the provided IP addresses is an individual IP address and not an IP range. 
  1. Click on Save to save the changes.

Additional Considerations

  • If there are IP restrictions at the profile level, you will also need to add these addresses in the Login IP Ranges section of the profile.
  • If you are configured and using our Heroku DevOps backend, please ensure that you properly disable the following as well:
    • Navigate to Setup > Session Settings and make sure the below checkboxes are NOT enabled:
      • Enforce login IP ranges on every request
      • Lock sessions to the IP address from which they originated
Security Improvement
If your installation is configured to utilize our CopaGCP DevOps backend, Enforce login IP ranges on every request and Lock sessions to the IP address from which they originated are both supported by default, and disabling them is not required for proper function.

If your organization enforces policies that require the above settings to be enabled in your Salesforce orgs, and you are utilizing our Heroku DevOps backend, submit a case with Copado Support for further assistance.

IP Addresses for Copado Functions 

When working with functions, Copado provides the following reserved static IP address(es):

If you are under the North America region, add:

  • 35.196.204.156

Copado Functions reserved static IPs support:

  • IP Whitelisting of HTTPS or SSH connections to Git repositories.
  • IP Whitelisting of HTTPS connections to other cloud/on-premise services.
  • Login IP Ranges and Network Access restrictions in Salesforce orgs.


How did we do?