The Firewall, Email & Video Configuration process ensures that members are able to fully leverage all aspects of the BetterUp® platform.
Key takeaways
- Firewall, Email & Video Configuration is required to ensure members can access the BetterUp platform and receive communications
- This task requires involvement from your internal IT team
- You will need to specify to your internal IT team whether you launched BetterUp on the US or EEA instance
- Delay in completing this can result in launch delays
When to do this:
Complete the Firewall, Email & Video Configuration process 2 weeks prior to launch. This is required before launching BetterUp at your organization. Not completing this can delay your launch and negatively impact the member experience.
Steps to complete:
Share this article with your internal IT team. Unsure of who to share this guide with internally? We suggest reaching out to any of the following individuals:
- IT Manager
- Application security administrator
- IT security engineer
- System administrator
- Network administrator
- Computer system manager
- IT coordinator
- Network engineer
BetterUp has both US- and EEA-based instances. Our US instance is hosted in Virginia, USA, and our EEA instance is hosted in Frankfurt, Germany. Please tell your IT team whether you will be launched on the US or EEA instance, as there are instance-specific instructions for them to follow. Unsure? Reach out to your BetterUp Account Team or your Implementation Project Manager.
Firewall, Email & Video Configuration Guide
General questions about completing the guide or support troubleshooting can be sent to tech-ipm@betterup.co.
Firewall Configuration
We highly recommend that you add a wildcard domain to your firewall's allowed domain list so that any and all BetterUp features and content can be accessed by your members.
US Instance | EEA Instance |
*.betterup.co | *.betterup.eu |
If you would prefer to not enable a wildcard domain, then you will need to allow access to the following subdomains. It is possible that subdomains may be added to this list in the future and you will need to update your allow list to ensure that employees can continue having access to their BetterUp experience.
Purpose | US Instance | EEA Instance |
BetterUp website | www.betterup.com and betterup.com | www.betterup.com and betterup.com |
Allows access to the BetterUp application | app.betterup.co | app.betterup.eu |
Allows for video coaching sessions | video.betterup.co | video.betterup.eu |
Allows access to the Content Delivery Network (CDN) URL for static assets | cdn.betterup.co | N/A |
Allows for universal app deep links in order to direct to content within our application. | email.betterup.co | email.betterup.eu |
Allows hosting Workshops | studioworkshops.betterup.co | N/A |
Allows in-app messages via our service provider, Braze | mail.betterup.co | mail.betterup.eu |
Allows in-app communication with our customer support team via our service provider, Zendesk | betterup.zendesk.com | mail.betterup.eu |
Testing the Firewall Configuration
If you have followed the steps above, your members shouldn’t have any issues when using our applications. If you have any questions or issues during this setup, please reach out to tech-ipm@betterup.co.
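One way for an IT team to check an exported allow list against the hostname table above before launch. This is an added example, not BetterUp code. It assumes a one-entry-per-line export format, assumes a particular wildcard-matching behaviour, and treats every hostname in the table as required.

```python
# Added example (not BetterUp code). Hostnames come from the table above;
# the allow-list export format (one entry per line, "#" comments) is assumed.
REQUIRED = {
    "US": ["www.betterup.com", "betterup.com", "app.betterup.co",
           "video.betterup.co", "cdn.betterup.co", "email.betterup.co",
           "studioworkshops.betterup.co", "mail.betterup.co",
           "betterup.zendesk.com"],
    "EEA": ["www.betterup.com", "betterup.com", "app.betterup.eu",
            "video.betterup.eu", "email.betterup.eu", "mail.betterup.eu"],
}


def parse_allow_list(text):
    """Return the set of normalized entries in an exported allow list."""
    entries = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower().rstrip(".")
        if entry:
            entries.add(entry)
    return entries


def is_allowed(host, entries):
    """Exact match, or a "*.suffix" entry covering a parent domain of host."""
    host = host.lower().rstrip(".")
    if host in entries:
        return True
    labels = host.split(".")
    # Assumed wildcard semantics: "*.example.com" covers any subdomain depth
    # but not the bare "example.com"; check your firewall's documentation.
    return any("*." + ".".join(labels[i:]) in entries
               for i in range(1, len(labels)))


def missing_hosts(instance, allow_list_text):
    """Hostnames for the given instance that the allow list does not cover."""
    entries = parse_allow_list(allow_list_text)
    return [h for h in REQUIRED[instance] if not is_allowed(h, entries)]


# Constructed sample export: wildcard for the US instance plus the apex site.
SAMPLE = "# proxy allow list\n*.betterup.co\nbetterup.com\n"

if __name__ == "__main__":
    for instance in ("US", "EEA"):
        print(instance, "missing:", missing_hosts(instance, SAMPLE))
```

With the sample list, the US check still reports www.betterup.com and betterup.zendesk.com, because a `*.betterup.co` pattern does not match hostnames under other domains.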
Email Enablement
All emails delivered by the platform follow industry-standard configurations, including SPF, DKIM, and DMARC.
- Emails coming from the BetterUp platform to users (e.g., invite emails) will be sent from support@betterup.co.
- Emails coming from our custom email service provider, Braze, will be sent from team@mail.betterup.co or support@mail.betterup.co.
- Operational emails and other engagement emails may be sent from no-reply@mail.betterup.co.
In order for email delivery and interaction to operate as smoothly as possible, we recommend allowing the following:
US Instance | EEA Instance |
email.betterup.co | email.betterup.eu |
mail.betterup.co | mail.betterup.eu |
Depending on your firewall rules, it may be necessary to allow the following IP addresses:
US Instance | EEA Instance |
AWS SES:
|
|
Marketo
|
|
Sendgrid
|
Video Session Enablement
BetterUp users meet with their coaches virtually through our peer-to-peer video chat. We use an external service called Vonage to enable this functionality. In order for this to work properly, the following actions need to be taken:
Step | US Instance | EEA Instance |
Open firewall ports (outbound) which Vonage uses for secure HTTP communication | TCP port 443 | TCP port 443 |
Ensure access to these domains | *.tokbox.com, *.opentok.com | *.tokbox.com, *.opentok.com |
If it is not possible to allow these domains, allow these IP addresses | 168.100.64.0/18, 216.147.0.0/18 (these IP addresses are subject to change) | 168.100.64.0/18, 216.147.0.0/18 (these IP addresses are subject to change) |
Allowing these HTTPS verification servers for the Vonage HTTPS certificate will help avoid the browser console warnings. However, these warnings should not affect the session. | ocsp.godaddy.com, crl.godaddy.com | ocsp.godaddy.com, crl.godaddy.com |
Along with the minimum requirements above, opening UDP port 3478 will give a better experience. UDP is highly recommended over TCP for better-quality audio and video: the protocol favors timeliness over reliability, which matches human perception, since we can fill in gaps but are sensitive to time-based delays. This port only accepts inbound traffic after an outbound request is sent. The connection is bidirectional but is always initiated from the corporate network/client, so it is not possible for an external entity to send malicious traffic in the opposite direction. For the best possible experience, we recommend opening UDP ports 1025 - 65535.
See the official Vonage support documentation for more detailed instructions on firewall configuration to support video calls.
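A sketch of how a network team could audit outbound rules against the three levels described above: TCP 443, UDP 3478, and UDP 1025 - 65535 to the listed Vonage ranges. This is an added example, not BetterUp or Vonage code. The `proto cidr ports` rule format is an assumption, and a requirement counts as met only when a single rule covers it.

```python
# Added example (not BetterUp or Vonage code). Ranges and ports come from the
# table and paragraph above; the page notes the IP ranges are subject to change.
import ipaddress

VONAGE_NETS = [ipaddress.ip_network(n)
               for n in ("168.100.64.0/18", "216.147.0.0/18")]

# (level, protocol, first port, last port)
CHECKS = [
    ("required", "tcp", 443, 443),
    ("recommended", "udp", 3478, 3478),
    ("best", "udp", 1025, 65535),
]


def parse_rules(text):
    """Parse assumed-format outbound allow rules: "<proto> <cidr> <port[-port]>"."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 3:
            continue  # blank line, comment, or a rule type not handled here
        proto, cidr, ports = fields
        lo, _, hi = ports.partition("-")
        rules.append((proto.lower(), ipaddress.ip_network(cidr),
                      int(lo), int(hi or lo)))
    return rules


def covered(proto, net, lo, hi, rules):
    """True if one rule allows proto to the whole network and port range."""
    return any(p == proto and net.subnet_of(rule_net) and rlo <= lo and hi <= rhi
               for p, rule_net, rlo, rhi in rules)


def audit(rules_text):
    """Map each level to the Vonage ranges that no single rule fully covers."""
    rules = parse_rules(rules_text)
    return {level: [str(net) for net in VONAGE_NETS
                    if not covered(proto, net, lo, hi, rules)]
            for level, proto, lo, hi in CHECKS}


# Constructed sample rule set: the second UDP rule covers only half of the /18.
SAMPLE_RULES = """\
tcp 0.0.0.0/0 443
udp 168.100.64.0/18 3478
udp 216.147.0.0/19 3478   # too narrow
"""

if __name__ == "__main__":
    for level, gaps in audit(SAMPLE_RULES).items():
        print(level, "gaps:", gaps or "none")
```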
Video/Audio Quality Check
Once the above domains have been allowed, you should perform the Vonage pre-call check, save the test data, and send it back to BetterUp for review. This will help us get ahead of any potential call quality-related issues.
Edge Cases
There are additional configuration steps that may be required depending on your organization’s policies. These could include, but are not limited to the following:
- Not allowing deep links
- Emails over a certain quantity being quarantined
- TLS interception enabled
If this is the case for your organization, please reach out to tech-ipm@betterup.co and we will work with you to find a solution.
Next Step
Learn about program configurations.