Domain allowlists
Allowlist requirements for Eptura devices
If you use allowlists or denylists, you must allow access to the fully qualified domain names (FQDNs) listed below.
All devices (unless noted otherwise)
All devices require access to the FQDNs listed in the table. This includes:
- Eptura Room Screens v3
- Third-party devices running the Eptura Room Screen app
- Eptura (Condeco) Room Screens v2
- Condeco Desk Screens v3 for Eptura Engage
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| *.appcenter.ms | HTTPS/443 | in.appcenter.ms | Application Logging |
| *.connectproduction.azure-devices.net | HTTPS/443 | connectproduction.azure-devices.net | IoT messages |
| *.condecoconnect.com | HTTPS/443 | portal.condecoconnect.com | API calls (registration, RFID etc.) |
| *.condecoconnect.com | HTTPS/443 | storage.condecoconnect.com | Config data and firmware versions |
| *.condecoconnect.com | HTTPS/443 | services.condecoconnect.com | Connection test endpoint |
| Appropriate calendar service URL | HTTPS/443 | | |
| *.sentry.io (not required for Eptura (Condeco) Room Screens v2) | HTTPS/443 | o167730.ingest.us.sentry.io | Application Logging |
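Added example (not Eptura tooling): a check that a proxy or firewall allowlist covers every FQDN in the All devices table above. It assumes a strict wildcard matcher in which `*.example.com` covers subdomains but not `example.com` itself; matcher semantics differ between products, and the sample allowlist is constructed.

```python
# Added example: audit an allowlist against the "All devices" table.
# REQUIRED is copied from the table on this page; the matcher semantics and
# the sample allowlist below are assumptions made for illustration.

REQUIRED = [
    "in.appcenter.ms",
    "connectproduction.azure-devices.net",
    "portal.condecoconnect.com",
    "storage.condecoconnect.com",
    "services.condecoconnect.com",
    "o167730.ingest.us.sentry.io",  # not required for Room Screens v2
]


def matches(pattern: str, host: str) -> bool:
    """Strict wildcard match: '*.example.com' covers subdomains only,
    never the bare 'example.com'. Non-wildcard entries match exactly."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return pattern == host


def audit(allowlist, required=REQUIRED):
    """Return (required FQDNs no rule covers, rules covering no required FQDN)."""
    missing = [h for h in required if not any(matches(p, h) for p in allowlist)]
    unused = [p for p in allowlist if not any(matches(p, h) for h in required)]
    return missing, unused


# Constructed allowlist: the table's "Domain" column entered verbatim as rules.
DOMAIN_COLUMN = [
    "*.appcenter.ms",
    "*.connectproduction.azure-devices.net",
    "*.condecoconnect.com",
    "*.sentry.io",
]

if __name__ == "__main__":
    missing, unused = audit(DOMAIN_COLUMN)
    print("required FQDNs not covered:", missing)
    print("rules that cover nothing required:", unused)
```

Under this matcher the rule `*.connectproduction.azure-devices.net` does not cover the listed FQDN `connectproduction.azure-devices.net`, so that host needs an exact entry as well.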
Eptura Room Screen v3 and third-party devices running the Eptura Room Screen app
The Eptura Room Screen v3 and third-party devices running the Eptura Room Screen app require access to all the FQDNs listed for All devices above, plus the following:
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| Eptura Room Screen v3 only: | | | |
| api.prod.active-eptura.com | HTTPS/443 | api.prod.active-eptura.com | To download new APK files |
| eptura-cloud-prod-apk-files.s3.us-east-2.amazonaws.com | HTTPS/443 | eptura-cloud-prod-apk-files.s3.us-east-2.amazonaws.com | For protected file storage |
| Eptura Room Screen v3 and third-party devices running the Eptura Room Screen app: | | | |
| *.googleapis.com | HTTPS/443 | firebaseinstallations.googleapis.com | Capture analytics data |
| devicehub-devicecode-westeurope-prd.azurewebsites.net | HTTPS/443 | devicehub-devicecode-westeurope-prd.azurewebsites.net | Activating Android screens |
| connectblobstorage.blob.core.windows.net | HTTPS/443 | connectblobstorage.blob.core.windows.net | Azure blob storage |
| *.condecoconnect.com | HTTPS/443 | devices.condecoconnect.com | Required for the software update call |
| *.crashlytics.com | HTTPS/443 | firebase-settings.crashlytics.com | Capture analytics data |
| *.googleapis.com | HTTPS/443 | crashlyticsreports-pa.googleapis.com | Capture analytics data |
| app-measurement.com | HTTPS/443 | app-measurement.com | Capture analytics data |
| login.microsoftonline.com | HTTPS/443 | login.microsoftonline.com | Graph API URL for authentication and creating meetings |
| graph.microsoft.com | HTTPS/443 | graph.microsoft.com | Graph API URL for authentication and creating meetings |
NTP Service
By default, screens are configured to use the standard NTP services listed below; however, they can be configured to use a custom NTP service. At least one of the NTP servers must be added to the allowlist:
| NTP Service | NTP server | Protocol / PORT | Reason / Usage |
|---|---|---|---|
| Android | time.android.com | NTP/123 (UDP only) | Time synchronization – only 1 required. The screen contacts the NTP servers in the order shown here. time.local is included to allow a customer to apply an internal NTP server if required |
| Apple | time.apple.com | | |
| | time.google.com | | |
| Android | 2.android.pool.ntp.org | | |
| Time.Local | time.local | | |
| Custom NTP | | NTP/123 (UDP only) | A custom NTP server can be configured. |
Device Hub
The Device Hub requires access to all the FQDNs listed in the table:
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| *.login.microsoftonline.com | HTTPS/443 | CondecoConnect.onmicrosoft.com | Azure Active Directory Business-to-Consumer. Responsible for user account sign-up, sign-in, profile edit, and password reset functions. |
| portal.condecoconnect.com | HTTPS/443 | portal.condecoconnect.com | URL for Eptura Device Hub. Used by Eptura screens and APIs. |
| cdn.linearicons.com | HTTPS/443 | https://cdn.linearicons.com/free/1.0.0/icon-font.min.css | CSS for font icons in the Device Hub UI. |
| cdnjs.cloudflare.com | HTTPS/443 | https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.5/bluebird.min.js | JavaScript and fonts used by Device Hub UI. |
| fonts.googleapis.com | HTTPS/443 | https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.5/bluebird.min.js | Fonts in Device Hub UI. |
| widget.uservoice.com | HTTPS/443 | widget.uservoice.com, condeco.uservoice.com | Customer feedback on the Device Hub. |
| connectblobstorage.blob.core.windows.net | HTTPS/443 | http://connectblobstorage.blob.core.windows.net/ | Used by Condeco storage accounts for storing various static content such as device information, version information, etc. |
| by2.uservoice.com | | | |
| az416426.vo.msecnd.net | | | |
| fonts.gstatic.com | HTTPS/443 | fonts.gstatic.com | Fonts in login component of the Device Hub UI. |
| dc.services.visualstudio.com | | | |
| *.condecoconnect.com | HTTPS/443 | https://westeurope.condecoconnect.com/SelfService/ | Base URL for the Device Hub and Eptura screens. |
Emails
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| *.ct.sendgrid.net | HTTPS/443 | https://mc.sendgrid.com/ | For sending emails |
| westeurope.azureedge.net | HTTPS/443 | https://westeurope.azureedge.net | For email template file in CDN |
Mobile API
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| connectpasswordless.azurewebsites.net | HTTPS/443 | connectpasswordless.azurewebsites.net | Getting/revoking token for mobile API/add-in. |
| westeurope.condecoconnect.com/ | HTTPS/443 | https://westeurope.condecoconnect.com/ | Device Hub domain URL. |
