To ensure a trouble-free OnBoard experience, organizations need to be certain that requests to OnBoard and its affiliated service providers are allowed past their firewalls.
Ports used by OnBoard
OnBoard follows well-established best practices and operates primarily on established ports common to all web traffic: ports 80 and 443. These ports are known to network administrators as the ports for clear text (unencrypted) web traffic (port 80) and for secure traffic (port 443). This clear text/encrypted separation is in use by the vast majority of sites on the web and should be no surprise to any system or network administrator.
Only the initial request to OnBoard is handled in plain text on port 80, and this request will be redirected to the secure port 443 for all subsequent requests and responses. At no time is customer information transferred in an unencrypted state.
Domains to allow
Your organization's firewall will need the following list of domains added to be allowed to pass traffic to your local machines.
Communication with these domains is required for OnBoard to function properly.
These sites are:
|Public URL for OnBoard||https://app.onboardmeetings.com|
|Our authentication server||https://auth.onboardmeetings.com|
|Messaging feature in OnBoard||https://realtime.onboardmeetings.com|
|Public posting from OnBoard||https://public.onboardmeetings.com|
|User and Organization Image storage||https://*.cloudinary.com|
|Used for in-app tutorials|
|Consider adding these wildcards to cover any future services we may certify|
Third-party Authentication Provider URIs
For your users to make use of third-party authentication providers (Microsoft and Google) must be allowed through as well. These domains are the official endpoints for their respective OAuth services. These are the most conservative URIs that can be allowed:
|Google authentication server||https://www.google.com/accounts/o8/|
|Microsoft authentication server||https://login.live.com/|
While adding the shorter Google URI https://www.google.com to the allowed sites list will work for OnBoard, it will allow all traffic that matches this shorter, less distinct pattern to flow through the firewall, potentially circumventing an organization’s network security policies. The longer, more distinct URI https://www.google.com/accounts/o8 will ensure only the OAuth endpoint traffic is allowed through.