OnBoard Access: What Sites to Allow through Your Firewall

Eric Biddle
Eric Biddle
  • Updated

To ensure a trouble-free OnBoard experience, organizations need to be certain that requests to OnBoard and its affiliated service providers are allowed past their firewalls.

Ports used by OnBoard

OnBoard follows well-established best practices and operates primarily on established ports common to all web traffic: ports 80 and 443. These ports are known to network administrators as the ports for clear text (unencrypted) web traffic (port 80) and for secure traffic (port 443). This clear text/encrypted separation is in use by the vast majority of sites on the web and should be no surprise to any system or network administrator.

Only the initial request to OnBoard is handled in plain text on port 80, and this request will be redirected to the secure port 443 for all subsequent requests and responses. At no time is customer information transferred in an unencrypted state.


Domains to allow

Your organization's firewall will need the following list of domains added to be allowed to pass traffic to your local machines. 

Communication with these domains is required for OnBoard to function properly.

These sites are:

Public URL for OnBoard https://app.onboardmeetings.com
Our authentication server https://auth.onboardmeetings.com
Messaging feature in OnBoard https://realtime.onboardmeetings.com
Public posting from OnBoard https://public.onboardmeetings.com
User and Organization Image storage https://*.cloudinary.com
Used for in-app tutorials

https://data.pendo.onboardmeetings.com

https://content.pendo.onboardmeetings.com

http://pendo.io

Consider adding these wildcards to cover any future services we may certify

https://*.passageways.com and

https://*.onboardmeetings.com 


Third-party Authentication Provider URIs

For your users to make use of third-party authentication providers (Microsoft and Google) must be allowed through as well. These domains are the official endpoints for their respective OAuth services. These are the most conservative URIs that can be allowed:

Google authentication server https://www.google.com/accounts/o8/
Microsoft authentication server https://login.live.com/

While adding the shorter Google URI https://www.google.com to the allowed sites list will work for OnBoard, it will allow all traffic that matches this shorter, less distinct pattern to flow through the firewall, potentially circumventing an organization’s network security policies. The longer, more distinct URI https://www.google.com/accounts/o8 will ensure only the OAuth endpoint traffic is allowed through.

 

Please get in touch with OnBoard Customer Support with any questions by submitting a ticket request or emailing help@onboardmeetings.com.

Was this article helpful?

5 out of 5 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.