Domain allowlists
Allowlist requirements for Condeco devices
If you use allowlists or denylists you must allow access to the fully qualified domains listed below.
Android devices
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| *.appcenter.ms | HTTPS/443 | in.appcenter.ms | Application Logging |
| *.connectproduction.azure-devices.net | HTTPS/443 | connectproduction.azure-devices.net | IoT messages |
| *.condecoconnect.com | HTTPS/443 | portal.condecoconnect.com | API calls (registration, RFID etc.) |
| *.condecoconnect.com | HTTPS/443 | storage.condecoconnect.com | Config data and firmware versions |
| *.condecoconnect.com | HTTPS/443 | services.condecoconnect.com | Connection test endpoint |
| Appropriate calendar service URL | HTTPS/443 |
Eptura room screen v3
All the domains listed for Android devices above, plus the following:
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| *.googleapis.com | HTTPS/443 | firebaseinstallations.googleapis.com | Capture analytics data |
| devicehub-devicecode-westeurope-prd.azurewebsites.net | HTTPS/443 | devicehub-devicecode-westeurope-prd.azurewebsites.net | Activating Android screens |
| conectblobstorage.blob.core.windows.net | HTTPS/443 | conectblobstorage.blob.core.windows.net | Azure blob storage |
| *.condecoconnect.com | HTTPS/443 | devices.condecoconnect.com | Required for the software update call |
| api.prod.active-eptura.com | HTTPS/443 | api.prod.active-eptura.com | To download new APK files |
| *.crashlytics.com | HTTPS/443 | firebase-settings.crashlytics.com | Capture analytics data |
| eptura-cloud-prod-apk-files.s3.us-east-2.amazonaws.com | HTTPS/443 | eptura-cloud-prod-apk-files.s3.us-east-2.amazonaws.com | For protected file storage |
| *.googleapis.com | HTTPS/443 | crashlyticsreports-pa.googleapis.com | Capture analytics data |
| app-measurement.com | HTTPS/443 | app-measurement.com | Capture analytics data |
| login.microsoftonline.com | HTTPS/443 | login.microsoftonline.com | Graph API URL for authentication and creating meeting |
| graph.microsoft.com | HTTPS/443 | graph.microsoft.com | Graph API URL for authentication and creating meeting |
NTP Service
By default, Condeco screens are configured to use the standard NTP services listed below, however, they can be configured to use a custom NTP service. At least one of the NTP servers must be added to the allowlist.
| NTP Service | NTP server | Protocol / PORT | Reason / Usage |
|---|---|---|---|
| Android | time.android.com | NTP/123 (UDP only) | Time synchronization – only 1 required. The screen contacts the NTP servers in the order shown here. time.local is included to allow a customer to apply an internal NTP server if required |
| Apple | time.apple.com | ||
| time.google.com | |||
| Android | 2.android.pool.ntp.org | ||
| Time.Local | time.local | ||
| Custom NTP | NTP/123 (UDP only) | A custom NTP server can be configured. |
Device Hub
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| *.login.microsoftonline.com | HTTPS/443 | CondecoConnect.onmicrosoft.com | Azure Active Directory Business-to-Consumer. Responsible for user account sign-up, sign-in, profile edit, and password reset functions. |
| portal.condecoconnect.com | HTTPS/443 | portal.condecoconnect.com | URL for Condeco Device Hub. Used by Condeco screens and APIs. |
| cdn.linearicons.com | HTTPS/443 | https://cdn.linearicons.com/free/ 1.0.0/icon-font.min.css |
CSS for font icons in the Device Hub UI. |
| cdnjs.cloudflare.com | HTTPS/443 | https://cdnjs.cloudflare.com/ajax/ libs/bluebird/3.3.5/bluebird.min.js |
Java Script and fonts used by Device Hub UI. |
| fonts.googleapis.com | HTTPS/443 | https://cdnjs.cloudflare.com/ajax/ libs/bluebird/3.3.5/bluebird.min.js |
Fonts in Device Hub UI. |
| widget.uservoice.com | HTTPS/443 | widget.uservoice.comcondeco.uservoice.com |
Customer feedback on the Device Hub. |
| connectblobstorage.blob.core.windows.net | HTTPS/443 | http://connectblobstorage.blob. core.windows.net/ |
Used by Condeco storage accounts for storing various static content such as device information version information, etc. |
| by2.uservoice.com | |||
| az416426.vo.msecnd.net | |||
| fonts.gstatic.com | HTTPS/443 | fonts.gstatic.com | Fonts in login component of the Device Hub UI. |
| dc.services.visualstudio.com | |||
| *.condecoconnect.com | HTTPS/443 | https://westeurope.condecoconnect.com/ SelfService/ |
Base URL for the Device Hub and Condeco screens. |
Emails
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| *.ct.sendgrid.net | HTTPS/443 | https://mc.sendgrid.com/ | For sending emails |
| westeurope.azureedge.net | HTTPS/443 | https://westeurope.azureedge.net | For email template file in CDN |
Mobile API
| Domain | Protocol / PORT | Fully Qualified Domain Names | Reason / Usage |
|---|---|---|---|
| connectpasswordless.azurewebsites.net | HTTPS/443 | connectpasswordless.azurewebsites.net | Getting/revoking token for mobile API/add-in. |
| westeurope.condecoconnect.com/ | HTTPS/443 | https://westeurope.condecoconnect.com/ | Device Hub domain URL. |