If your company uses a VPN, the Kadence Agent may have difficulty detecting the correct public IP address needed for automatic check-ins. This can happen when VPN traffic blocks or reroutes external IP lookup requests.
Why Whitelisting Is Needed
Kadence Agent determines whether a user is physically in a building by checking the device’s public IP address and comparing it to the IP ranges associated with your buildings.
Some VPNs:
Mask or replace the public IP address
Block outbound requests to IP lookup services
Route traffic through shared gateways that do not match building IPs
Whitelisting ensures Kadence can accurately detect the user’s public IP even when a VPN is active.
Domains and Endpoints to Whitelist
Please allow outbound access to the following Kadence endpoints:
Primary domain
https://api.onkadence.co
Specific endpoints used by Kadence Agent
https://api.onkadence.co/v1/my-ip
https://api.onkadence.co/v1/ip-check-in
These endpoints are required for:
Detecting the device’s public IP address
Validating automatic check-in eligibility
What to Configure
In your VPN, firewall, or secure web gateway:
Allow HTTPS traffic (TCP 443) to the domains listed above
Ensure traffic is not intercepted, rewritten, or blocked
Exclude these endpoints from SSL inspection if applicable
After Whitelisting
Once whitelisting is complete:
Kadence Agent will correctly identify the user’s public IP
Automatic check-in will function as expected when users connect to the building network
Manual check-in will still remain available as a fallback
Troubleshooting Tips
Changes to VPN policies may take time to propagate
Users may need to restart the Kadence Agent after changes are applied
If automatic check-in still fails, verify the building IP ranges configured in Kadence at the building setting level. See our guide here.
Need Help?
For support, reach out to:
📩 [email protected]
For more helpful articles see:
📚 Kadence Help Center