We are resolving this incident after affected customers confirmed that updating their allowlisted domain .*alloy.com in their security vendor restored dashboard access. The issue was limited to customers who control Alloy dashboard access via Allowlisted IPs and use a security vendor that routes traffic over dedicated IPs based on domain.
Posted Sep 20, 2025 - 12:32 EDT
Update
Customers who use a security vendor to allowlist domains for making outbound requests though specific IPs to Alloy must now allowlist the new *.alloy.com domain. Example vendors include (but are not limited to) Zscaler, Cloudflare, Optimum, and Charter Communications.
Posted Sep 19, 2025 - 18:47 EDT
Update
As part of our vanity domain rollout, Alloy’s dashboard domain has been updated from app.alloy.co to app.alloy.com. Customers using Zscaler will need to update their configuration to allowlist the following domain: *.alloy.com. This will allow specific hostnames go through specific outbound IPs, which have already been allowlisted in the Alloy dashboard settings, instead of Zscaler’s public IPs for generic outbound traffic.
Posted Sep 19, 2025 - 16:35 EDT
Identified
We’ve determined that the login issues are specifically related to connections routed through Zscaler. Customers utilizing Zscaler solutions for secure internet access and experiencing difficulties logging into Alloy are recommended to reach out directly to Zscaler Support for assistance.
Posted Sep 19, 2025 - 14:52 EDT
Investigating
We’re investigating reports of login failures affecting only customers who limit Alloy dashboard access via Allowlisted IPs. All other services and login methods remain fully operational.
Our team is actively investigating and we will share updates as they become available.