Domain allowlists
Allowlist requirements for Condeco devices
If you use allowlists or denylists you must allow access to the fully qualified domains listed below.
All devices (unless noted otherwise)
Condeco desk booking screens v3; Condeco meeting room screens v2; Eptura room screens v3; and third-party devices.
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| *.appcenter.ms | HTTPS/443 | in.appcenter.ms | Application Logging |
| *.connectproduction.azure-devices.net | HTTPS/443 | connectproduction.azure-devices.net | IoT messages |
| *.condecoconnect.com | HTTPS/443 | portal.condecoconnect.com | API calls (registration, RFID etc.) |
| *.condecoconnect.com | HTTPS/443 | storage.condecoconnect.com | Config data and firmware versions |
| *.condecoconnect.com | HTTPS/443 | services.condecoconnect.com | Connection test endpoint |
| Appropriate calendar service URL | HTTPS/443 | ||
| *.sentry.io (Not required for Condeco meeting room screens v2) | HTTPS/443 | o167730.ingest.us.sentry.io | Application Logging |
Eptura room screen v3 and third-party devices
All the domains listed for All devices above, plus the following:
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
Eptura room screen v3 only: |
|||
| api.prod.active-eptura.com | HTTPS/443 | api.prod.active-eptura.com | To download new APK files |
| eptura-cloud-prod-apk-files.s3.us-east-2.amazonaws.com | HTTPS/443 | eptura-cloud-prod-apk-files.s3.us-east-2.amazonaws.com | For protected file storage |
Eptura room screen v3 and third-party devices: |
|||
| *.googleapis.com | HTTPS/443 | firebaseinstallations.googleapis.com | Capture analytics data |
| devicehub-devicecode-westeurope-prd.azurewebsites.net | HTTPS/443 | devicehub-devicecode-westeurope-prd.azurewebsites.net | Activating Android screens |
| conectblobstorage.blob.core.windows.net | HTTPS/443 | conectblobstorage.blob.core.windows.net | Azure blob storage |
| *.condecoconnect.com | HTTPS/443 | devices.condecoconnect.com | Required for the software update call |
| *.crashlytics.com | HTTPS/443 | firebase-settings.crashlytics.com | Capture analytics data |
| *.googleapis.com | HTTPS/443 | crashlyticsreports-pa.googleapis.com | Capture analytics data |
| app-measurement.com | HTTPS/443 | app-measurement.com | Capture analytics data |
| login.microsoftonline.com | HTTPS/443 | login.microsoftonline.com | Graph API URL for authentication and creating meeting |
| graph.microsoft.com | HTTPS/443 | graph.microsoft.com | Graph API URL for authentication and creating meeting |
NTP Service
By default, Condeco screens are configured to use the standard NTP services listed below, however, they can be configured to use a custom NTP service. At least one of the NTP servers must be added to the allowlist.
| NTP Service | NTP server | Protocol / PORT | Reason / Usage |
|---|---|---|---|
| Android | time.android.com | NTP/123 (UDP only) | Time synchronization – only 1 required. The screen contacts the NTP servers in the order shown here. time.local is included to allow a customer to apply an internal NTP server if required |
| Apple | time.apple.com | ||
| time.google.com | |||
| Android | 2.android.pool.ntp.org | ||
| Time.Local | time.local | ||
| Custom NTP | NTP/123 (UDP only) | A custom NTP server can be configured. |
Device Hub
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| *.login.microsoftonline.com | HTTPS/443 | CondecoConnect.onmicrosoft.com | Azure Active Directory Business-to-Consumer. Responsible for user account sign-up, sign-in, profile edit, and password reset functions. |
| portal.condecoconnect.com | HTTPS/443 | portal.condecoconnect.com | URL for Condeco Device Hub. Used by Condeco screens and APIs. |
| cdn.linearicons.com | HTTPS/443 | https://cdn.linearicons.com/free/ 1.0.0/icon-font.min.css |
CSS for font icons in the Device Hub UI. |
| cdnjs.cloudflare.com | HTTPS/443 | https://cdnjs.cloudflare.com/ajax/ libs/bluebird/3.3.5/bluebird.min.js |
Java Script and fonts used by Device Hub UI. |
| fonts.googleapis.com | HTTPS/443 | https://cdnjs.cloudflare.com/ajax/ libs/bluebird/3.3.5/bluebird.min.js |
Fonts in Device Hub UI. |
| widget.uservoice.com | HTTPS/443 | widget.uservoice.comcondeco.uservoice.com |
Customer feedback on the Device Hub. |
| connectblobstorage.blob.core.windows.net | HTTPS/443 | http://connectblobstorage.blob. core.windows.net/ |
Used by Condeco storage accounts for storing various static content such as device information version information, etc. |
| by2.uservoice.com | |||
| az416426.vo.msecnd.net | |||
| fonts.gstatic.com | HTTPS/443 | fonts.gstatic.com | Fonts in login component of the Device Hub UI. |
| dc.services.visualstudio.com | |||
| *.condecoconnect.com | HTTPS/443 | https://westeurope.condecoconnect.com/ SelfService/ |
Base URL for the Device Hub and Condeco screens. |
Emails
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| *.ct.sendgrid.net | HTTPS/443 | https://mc.sendgrid.com/ | For sending emails |
| westeurope.azureedge.net | HTTPS/443 | https://westeurope.azureedge.net | For email template file in CDN |
Mobile API
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| connectpasswordless.azurewebsites.net | HTTPS/443 | connectpasswordless.azurewebsites.net | Getting/revoking token for mobile API/add-in. |
| westeurope.condecoconnect.com/ | HTTPS/443 | https://westeurope.condecoconnect.com/ | Device Hub domain URL. |