Alloy experienced a minor incident on September 19, 2025 affecting Customer Dashboard, lasting 22h 18m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- investigating Sep 19, 2025, 06:13 PM UTC
We’re investigating reports of login failures affecting only customers who limit Alloy dashboard access via Allowlisted IPs. All other services and login methods remain fully operational. Our team is actively investigating and we will share updates as they become available.
- identified Sep 19, 2025, 06:52 PM UTC
We’ve determined that the login issues are specifically related to connections routed through Zscaler. Customers utilizing Zscaler solutions for secure internet access and experiencing difficulties logging into Alloy are recommended to reach out directly to Zscaler Support for assistance.
- identified Sep 19, 2025, 08:35 PM UTC
As part of our vanity domain rollout, Alloy’s dashboard domain has been updated from app.alloy.co to app.alloy.com. Customers using Zscaler will need to update their configuration to allowlist the following domain: *.alloy.com. This will allow specific hostnames go through specific outbound IPs, which have already been allowlisted in the Alloy dashboard settings, instead of Zscaler’s public IPs for generic outbound traffic.
- identified Sep 19, 2025, 10:47 PM UTC
Customers who use a security vendor to allowlist domains for making outbound requests though specific IPs to Alloy must now allowlist the new *.alloy.com domain. Example vendors include (but are not limited to) Zscaler, Cloudflare, Optimum, and Charter Communications.
- resolved Sep 20, 2025, 04:32 PM UTC
We are resolving this incident after affected customers confirmed that updating their allowlisted domain .*alloy.com in their security vendor restored dashboard access. The issue was limited to customers who control Alloy dashboard access via Allowlisted IPs and use a security vendor that routes traffic over dedicated IPs based on domain.