Minimal domain whitelist for Katalon Studio Enterprise — local execution only (no TestCloud/TestOps)

Web Testing
1

Hi Katalon Team,

Following up on my previous post regarding firewall whitelist for Katalon Studio Enterprise.

We have already whitelisted the following domains based on the official documentation:

  • admin.katalon.com
  • tunnel-manager.katalon.com
  • login.katalon.com
  • testcloud.katalon.com

However, we are still getting login errors when trying to authenticate Katalon Studio Enterprise.

image
image530×573 26 KB

Our situation has an additional constraint — our company’s network policy does not allow whitelisting all domains from the full list. We need a minimal, targeted whitelist for our specific use case.

Our use case:

  • Katalon Studio Enterprise running locally on Windows machines only
  • No TestCloud usage
  • No TestOps integration
  • Just need: license activation, login, and local test execution

Could you help us identify the minimum required domains specifically for:

  1. License activation & validation (Enterprise license)
  2. User login / authentication (Katalon account SSO)
  3. Local test execution (no cloud features)

We do not need domains for:

  • TestCloud
  • TestOps reporting
  • Remote execution
  • Plugin marketplace (can be done offline)

Is there an official breakdown of which domains are required per feature/function? That would help us submit a more targeted firewall request to our IT team.

Thanks in advance!

2

Hello @corey_y_he let me pass the info to our SE @athul.kannan

3

sure @nghi.phan , thanks!

4

check the below

5

Thanks @Monty_Bagati , I noticed the whitelist before, could you please help identify the minimum required domains that we can just do test execution locally?
Our use case:

  • Katalon Studio Enterprise running locally on Windows machines only
  • No TestCloud usage
  • No TestOps integration
  • Just need: license activation, login, and local test execution
6

Problem Analysis

Your login errors are occurring because your whitelist is incomplete for Katalon Studio Enterprise authentication. You’ve whitelisted the basic domains, but you’re missing at least one critical domain required for license activation and login. Additionally, if you’re using Katalon Studio version 9.3.0 or later, there’s another essential requirement related to the new SAML login approach.

Root Causes Identified

1. Missing testops.katalon.io

According to the official Katalon domain and IP whitelist, testops.katalon.io is explicitly required for “Online license authentication and activation for Katalon Studio” alongside admin.katalon.com and login.katalon.com.

2. Missing 127.0.0.1 (Localhost) for Katalon Studio 9.3.0+

From Katalon Studio version 9.3.0 onwards, Katalon uses a new SAML login approach. When you click “Log in from Browser”, you’re redirected to a local server on 127.0.0.1. In highly secure environments with proxy restrictions, this causes authentication failures. You must whitelist 127.0.0.1 in your proxy settings (not just firewall rules).

Minimal Required Whitelist for Your Use Case

Based on your specific requirements (Enterprise license, local Windows execution only, no TestCloud/TestOps), here’s the targeted whitelist:

Essential Domains (Required)

Domain Purpose Notes
admin.katalon.com License activation & validation Required for Enterprise license
login.katalon.com User authentication Required for account login
testops.katalon.io Online license authentication Currently missing from your whitelist
127.0.0.1 SAML login redirect (v9.3.0+) Whitelist in proxy settings, not firewall

Optional Domains (Not needed for your use case)

Domain Purpose Why you can skip
testcloud.katalon.com Cloud test execution You’re not using TestCloud
tunnel-manager.katalon.com TestCloud tunnel You’re not using TestCloud
katalon-test.s3-accelerate.amazonaws.com TestOps report uploads You’re not using TestOps
<your-subdomain>.katalon.io TestOps integration You’re not using TestOps
store.katalon.com Plugin marketplace Can be done offline
update.katalon.com Product usage analytics Optional

Step-by-Step Fix

Step 1: Update Your Firewall Whitelist

Add these domains to your firewall/network whitelist:

admin.katalon.com
login.katalon.com
testops.katalon.io

Step 2: Configure Proxy Settings (if using proxy)

If your network uses a proxy server, configure it in Katalon Studio:

  1. Open Katalon Studio and click ProfileLog out
  2. In the Welcome to Katalon Studio dialog, click Advanced settings
  3. Select Manual proxy configuration (or Use system proxy configuration)
  4. In the proxy configuration, add 127.0.0.1 to the Excludes field to bypass the proxy for localhost
  5. Click Save

Alternatively, if you’re using Katalon Test Execution - Local (command-line), add proxy arguments:

katalonc ... -proxyOption=MANUAL_CONFIG -proxyServerType=HTTP -proxyServerAddress=<proxy_address> -proxyServerPort=<port> -proxyUsername=<username> -proxyPassword=<password>

Step 3: Verify Your Katalon Studio Version

Check if you’re using version 9.3.0 or later:

  • Go to HelpAbout Katalon Studio
  • If version ≥ 9.3.0, ensure 127.0.0.1 is properly excluded from proxy rules

Step 4: Test Authentication

  1. Log out of Katalon Studio
  2. Click Log in from Browser
  3. Verify successful login and license activation

Key Considerations

  • Proxy vs. Firewall: Domain whitelisting typically applies to outbound traffic (firewall), while 127.0.0.1 is a proxy setting (not firewall). These are configured separately.
  • Wildcard vs. Specific Domains: The official documentation recommends whitelisting *.katalon.com as a catch-all, but your minimal list above covers only what you need.
  • SAML Login Redirect: The 127.0.0.1 requirement is specific to the browser-based login flow introduced in v9.3.0. If you use offline licenses or license servers, this may not apply.
  • IP Addresses: For inbound traffic (if TestCloud agents access your network), you’d need to whitelist specific IPs, but this doesn’t apply to your local-only use case.

References

7

Hi @subhransu.nayak ,

Tagging you for visibility.

8

Thank you very much for the detailed reply @Monty_Bagati . Will try based on this configuration.

9

hi @corey_y_he

your whitelist is missing testops.katalon.io, which is required for online license authentication alongside admin.katalon.com and login.katalon.com. That is almost certainly why login is failing

minimal required domains for your use case:

  • admin.katalon.com license activation/validation
  • login.katalon.com user authentication (SSO)
  • testops.katalon.io online license authentication

you can drop testcloud.katalon.com and tunnel-manager.katalon.com since you are not using TestCloud

one more thing: if you are on Katalon Studio 9.3.0 or later, the browser-based SAML login flow redirects through a local server on 127.0.0.1. If your environment uses a proxy, make sure 127.0.0.1 is added to the proxy excludes list in Katalon Studio’s Advanced settings, otherwise authentication will fail even with the correct domain whitelist

10

Thanks @depapp! Will ask our IT to add testops.katalon.io into whitelist and see if can work normal.

11

perfect. hope it works as expected