Living Security Suite Technical Integration

This guide will serve to communicate the technical requirements of our products to your team. Getting an early start on these technical tasks and internal governance will ensure a seamless onboarding experience.


Table of Contents

URL Whitelisting

Email Whitelisting

Browser Compatibility

User Access

User Provisioning

Security Tool Considerations

Services FAQ

System overview and security summary

Architecture Diagrams


URL Whitelisting

Whitelisting is an important component of integrating Living Security's suite of applications. Use the following guide to avoid connectivity issues:

Description     Wildcard URL           Specific URL(s)                       Port       Req'd?
General         *.livingsecurity.com   app.livingsecurity.com                443        Yes
                                       identity.livingsecurity.com
Media           *.contentful.com       cdn.contentful.com                    443        Yes
                                       images.ctfassets.net
                                       assets.ctfassets.net
                *.cloudinary.com       assets.livingsecurity.com             443        Yes
                *.ctfassets.net        assets.ctfassets.net                  443        Yes
                                       images.ctfassets.net
Gameplay        *.twilio.com           IP addresses (Twilio media relays)    UDP 3478   Yes
                *.googleapis.com       firestore.googleapis.com              443        Yes
                *.firebaseio.com       firebaseio.com                        443        Yes
                *.launchdarkly.com     events.launchdarkly.com               443        Yes
                                       app.launchdarkly.com
Widgets         *.hubspot.com          api.hubspot.com                       443        No
                                       forms.hubspot.com
                *.acsbapp.com          cdn.acsbapp.com                       443        No
Error logging   *.ingest.sentry.io     rum-http-intake.logs.datadoghq.com    443        No
Fonts           *.googleapis.com       fonts.googleapis.com                  443        No
                *.gstatic.com          fonts.gstatic.com
                *.maxcdn.com           oss.maxcdn.com

Req'd? = Yes marks entries the platform needs in order to function; the No entries cover optional widgets, error reporting, and fonts. Two points worth checking before sign-off: on most proxies a wildcard such as *.firebaseio.com matches subdomains only and does not cover the bare apex firebaseio.com, so allow the specific hostnames as well as the wildcards; and the Twilio row is WebRTC media (STUN/TURN) over UDP 3478 to Twilio's media relay IP ranges, so outbound UDP must be permitted to those addresses in addition to HTTPS on 443.
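The following is an added example, not part of Living Security's documentation or code: a small checker that validates a proxy or firewall allowlist against the required hostnames in the table above. It applies the wildcard semantics most proxies use, where "*.example.com" matches subdomains only and not the apex; confirm the rule your own proxy uses, since that is an assumption here. The Twilio row is IP-based and is deliberately left out.

```python
# Added example (not Living Security's code): validate a proxy/firewall
# allowlist against the hostnames in the whitelisting table. Wildcard rule
# assumed: "*.example.com" covers subdomains only, never the apex itself.
from typing import Iterable

# Hostnames transcribed from the Req'd? = Yes rows of the table. The Twilio
# row is UDP 3478 to IP ranges, not a hostname check, so it is omitted.
REQUIRED_HOSTS = frozenset({
    "app.livingsecurity.com", "identity.livingsecurity.com",
    "cdn.contentful.com", "images.ctfassets.net", "assets.ctfassets.net",
    "assets.livingsecurity.com",
    "firestore.googleapis.com", "firebaseio.com",
    "events.launchdarkly.com", "app.launchdarkly.com",
})


def wildcard_matches(pattern: str, host: str) -> bool:
    """True if one allowlist entry covers a hostname.

    "*.example.com" covers "a.example.com" and "a.b.example.com" but not
    "example.com" itself; an entry without a wildcard must match exactly.
    Comparison is case-insensitive and ignores a trailing dot. The suffix
    test anchors on ".example.com", so "a.example.com.attacker.example"
    is not matched.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # "*.example.com" -> ".example.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return pattern == host


def is_allowed(host: str, allowlist: Iterable[str]) -> bool:
    """True if any entry in the allowlist covers the host."""
    return any(wildcard_matches(entry, host) for entry in allowlist)


def missing_hosts(allowlist: Iterable[str], required: Iterable[str] = REQUIRED_HOSTS) -> list:
    """Required hostnames that no allowlist entry covers, sorted."""
    entries = list(allowlist)                     # may be iterated many times
    return sorted(h for h in required if not is_allowed(h, entries))


if __name__ == "__main__":
    # Wildcards only: everything is covered except the apex firebaseio.com,
    # which is why the table lists it as a specific URL in its own right.
    wildcards_only = ["*.livingsecurity.com", "*.contentful.com", "*.ctfassets.net",
                      "*.googleapis.com", "*.firebaseio.com", "*.launchdarkly.com"]
    print("not covered:", missing_hosts(wildcards_only))
    print("not covered:", missing_hosts(wildcards_only + ["firebaseio.com"]))
```

Run it against the exported rule set from your proxy; an empty list from missing_hosts means every required hostname is covered. If your proxy treats "*.example.com" as also matching the apex, relax the length check in wildcard_matches accordingly.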

Detailed whitelisting and troubleshooting by product:


Email Whitelisting

The Training Platform sends training invitations, notifications, and other emails directly to participants. To ensure these emails are not flagged, blocked, or filtered as phishing or spam, please whitelist the following sending IP addresses on your mail gateway and spam filter (key the exemption on the connecting IP, not on the sender domain, so a spoofed From: address does not inherit it):

  • 168.245.71.9
  • 198.37.157.57
  • 198.37.157.99
  • 167.89.96.129
  • 149.72.82.76
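As an added example (not Living Security's code), the check below confirms that a delivered message really arrived from one of the sending IPs listed above. It reads only the outermost Received header, which is the one your own edge MTA wrote when it accepted the connection; inner Received headers are supplied by the sender and can be forged. The two sample messages, including their hostnames and the 203.0.113.10 address, are constructed for the example.

```python
# Added example (not Living Security's code): verify that a message claiming
# to come from the Training Platform was handed to our gateway by one of the
# listed sending IPs. Sample messages below are constructed.
import email
import ipaddress
import re
from email import policy

SENDING_IPS = frozenset(ipaddress.ip_address(ip) for ip in (
    "168.245.71.9", "198.37.157.57", "198.37.157.99", "167.89.96.129", "149.72.82.76",
))

# MTAs conventionally record the connecting address as "name (rdns [1.2.3.4])".
_BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(raw_message: bytes):
    """IP from the outermost Received header, or None if absent or unparseable.

    The outermost (first) Received header is the hop our own MX recorded, so it
    is the only one the sender cannot forge. Inner headers are ignored.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = _BRACKETED_IPV4.search(str(received[0]))
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def from_training_platform(raw_message: bytes) -> bool:
    """True only if the delivering hop was one of the listed sending IPs."""
    ip = connecting_ip(raw_message)
    return ip is not None and ip in SENDING_IPS


# Constructed sample: our MX accepted the message directly from a listed IP.
GENUINE = b"""Received: from o1.mail.example.net (o1.mail.example.net [198.37.157.57])
\tby mx.corp.example (Postfix) with ESMTPS id A1B2C3
\tfor <alice@corp.example>; Mon, 1 Jan 2024 10:00:00 +0000
From: Living Security Training <training@livingsecurity.com>
To: alice@corp.example
Subject: Your training assignment

Hello Alice, your assignment is ready.
"""

# Constructed sample: same From: line, but our MX accepted it from an unrelated
# host. The inner Received header naming a listed IP was written by the sender.
SPOOFED = b"""Received: from mail.attacker.example (mail.attacker.example [203.0.113.10])
\tby mx.corp.example (Postfix) with ESMTPS id D4E5F6
\tfor <alice@corp.example>; Mon, 1 Jan 2024 10:05:00 +0000
Received: from o1.mail.example.net (o1.mail.example.net [198.37.157.57])
\tby mail.attacker.example with ESMTP id 999
From: Living Security Training <training@livingsecurity.com>
To: alice@corp.example
Subject: Your training assignment

Hello Alice, please log in here.
"""

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, connecting_ip(raw), from_training_platform(raw))
```

Feed it a raw .eml exported from the mailbox. If your organization routes inbound mail through a cloud filter before your MX, the outermost Received header will name that filter, so run the check on the header the filter itself recorded instead.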

Browser compatibility and Desktop policies

The Living Security Training Platform is designed to work with most browsers, but we currently only support the current versions of Microsoft Edge and Google Chrome. This is because the Platform uses libraries that may not support older browser versions or specific features of certain browsers, including Internet Explorer (IE).

The Teams gameplay experience uses both the microphone and camera of each participant. If your organization restricts camera or microphone access for end users, please make an exception for our web applications.

For more information on setting these exceptions for your environment see Manage Chrome policies with Windows registry or Configuring Microsoft Edge policy settings on Windows.
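As an added example (not Living Security's own guidance), the script below generates a .reg file that grants camera and microphone access to the web app through the Chromium enterprise policies VideoCaptureAllowedUrls and AudioCaptureAllowedUrls, which both Chrome and Edge honour under their respective HKLM\SOFTWARE\Policies keys. The origin https://app.livingsecurity.com is an assumption taken from the whitelisting table; use the origin your Teams sessions actually load from. The check for an https scheme is there because browsers only expose getUserMedia to secure contexts, so an http origin in the policy would be granted nothing.

```python
# Added example (not Living Security's code): emit a .reg file that allows
# camera and microphone for the given origins in Chrome and Edge via the
# AudioCaptureAllowedUrls / VideoCaptureAllowedUrls policies. The origin used
# in the demo is an assumption based on the whitelisting table.
CHROME_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome"
EDGE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge"
CAPTURE_POLICIES = ("AudioCaptureAllowedUrls", "VideoCaptureAllowedUrls")


def validate_origin(origin: str) -> str:
    """Reject anything that is not an https origin: getUserMedia is only
    available in secure contexts, so an http entry would be useless."""
    if not origin.startswith("https://") or len(origin) <= len("https://"):
        raise ValueError(f"origin must be https://host[:port], got {origin!r}")
    if any(ch in origin for ch in '"\r\n'):
        raise ValueError(f"origin contains characters not allowed in .reg: {origin!r}")
    return origin


def capture_policy_reg(origins, browser_keys=(CHROME_KEY, EDGE_KEY)) -> str:
    """Return .reg file text. Chromium list policies are stored as a subkey
    whose values are named "1", "2", ... in order."""
    origins = [validate_origin(o) for o in origins]
    if not origins:
        raise ValueError("at least one origin is required")
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in browser_keys:
        for policy_name in CAPTURE_POLICIES:
            lines.append(f"[{key}\\{policy_name}]")
            for index, origin in enumerate(origins, start=1):
                lines.append(f'"{index}"="{origin}"')
            lines.append("")
    return "\r\n".join(lines)          # .reg files are CRLF-terminated


if __name__ == "__main__":
    # Assumed origin; replace with the one your Teams sessions load from.
    print(capture_policy_reg(["https://app.livingsecurity.com"]))
```

Import the output with reg.exe or distribute the same values through your GPO or Intune policy tooling; the policy key names are the same in either path.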


User Access

Currently, only Living Security Training supports Single Sign-On (SSO). We've made it really easy for you to set up SAML SSO from within your admin account.

Need help?  Schedule a meeting!

User Provisioning

Both Living Security Phish and Training support some form of automatic user provisioning. Training supports Just-in-Time (JIT) provisioning, SCIM provisioning, and manual list uploads, whereas Phish supports SCIM only. Use the guides below to configure your provisioning method of choice:

Need to test or troubleshoot with a Living Security Technical Specialist? Schedule a meeting!


Security tool considerations

Security tools like Zscaler, Netskope, and Forcepoint have an optional setting that makes them act as an SSL (TLS) inspection proxy: the proxy terminates the client's connection and re-signs the server certificate with an enterprise CA. Some services (Firebase, for example) do not work through such a proxy. If your organization uses one of these tools and is having trouble getting tests to pass, adding an SSL bypass (inspection exemption) rule for the affected hosts, the Gameplay entries in the whitelisting table above, will likely resolve the blocking. You can find more detailed information on what this means and how to do this in the following articles:

Also helpful is exempting Google's certificate-pinned shared services from SSL inspection, as outlined in Zscaler's guidance on certificate pinning and SSL inspection:

https://help.zscaler.com/zia/certificate-pinning-and-ssl-inspection
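As an added example (not from Living Security or Zscaler), the script below tells you whether a TLS-inspecting proxy is re-signing connections to the hosts in the whitelisting table: it completes a verified handshake and reports the issuer of the leaf certificate. An issuer that is your own enterprise CA rather than a public CA means the connection is intercepted and the host needs a bypass rule. The CA name "Example Corp" and the two certificate dicts are constructed for the example; put your inspection CA's organizationName in ENTERPRISE_CA_ORGS.

```python
# Added example (not Living Security's code): detect TLS inspection by
# checking who issued the certificate the client actually receives.
# ENTERPRISE_CA_ORGS and the certificate dicts below are constructed.
import socket
import ssl

ENTERPRISE_CA_ORGS = ("Example Corp",)      # assumption: your inspection CA's O=
HOSTS_TO_CHECK = ("app.livingsecurity.com", "firestore.googleapis.com", "firebaseio.com")


def issuer_org(cert: dict) -> str:
    """organizationName of the issuer in an ssl.SSLSocket.getpeercert() dict,
    which stores the issuer as a tuple of RDNs, each a tuple of (attr, value)."""
    for rdn in cert.get("issuer", ()):
        for attr, value in rdn:
            if attr == "organizationName":
                return value
    return ""


def is_inspected(cert: dict, enterprise_ca_orgs=ENTERPRISE_CA_ORGS) -> bool:
    """True if the leaf was issued by one of your own CAs, i.e. a proxy
    terminated the session and re-signed the server certificate."""
    org = issuer_org(cert).casefold()
    return any(org == name.casefold() for name in enterprise_ca_orgs)


def check_host(host: str, port: int = 443, enterprise_ca_orgs=ENTERPRISE_CA_ORGS):
    """Connect with full chain and hostname verification against the OS trust
    store and return (issuer organization, inspected). Raises on failure; an
    SSLCertVerificationError here usually means the proxy's CA is not in the
    trust store this interpreter uses, which is itself evidence of inspection."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return issuer_org(cert), is_inspected(cert, enterprise_ca_orgs)


# Constructed certificate dicts in getpeercert() layout, for offline checks.
DIRECT_CERT = {
    "subject": ((("commonName", "firestore.googleapis.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Public CA Example"),),
               (("commonName", "Public CA Example Intermediate"),)),
}
INTERCEPTED_CERT = {
    "subject": ((("commonName", "firestore.googleapis.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Corp"),),
               (("commonName", "Example Corp TLS Inspection CA"),)),
}

if __name__ == "__main__":
    for host in HOSTS_TO_CHECK:
        try:
            org, inspected = check_host(host)
            print(f"{host}: issuer O={org!r} inspected={inspected}")
        except (OSError, ssl.SSLError) as exc:
            print(f"{host}: connection failed: {exc}")
```

Run it from a workstation on the corporate network, not from a server that bypasses the proxy, and compare the output before and after the bypass rule is added: the issuer for the exempted hosts should change from your CA to a public one. Note that this only examines the TLS path on port 443; the Twilio media traffic on UDP 3478 is not subject to SSL inspection and is checked separately.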

What is...?

Auth0

We use the third-party service Auth0 to handle our user authentication and authorization. This allows us to easily support the SAML single sign-on (SSO) that our clients would expect from an enterprise software platform. 

It also provides the ability for “Passwordless” authentication that is used in the Teams Gameplay tool for a lower barrier of entry. The session participant simply enters their work email address and receives a one-time code to enter. This way, no password is even associated with their account.

Contentful

Contentful delivers all of our content including lessons, quizzes, and puzzles.

Cloudinary

Cloudinary is the content delivery and streaming service for our video and image assets.

Twilio

Twilio is used for video conferencing during the Teams experience. It enables WebRTC-powered voice and video calling across browsers and devices, with SDKs for JavaScript, iOS, and Android.

Firebase

Firebase is used for real-time gameplay syncing across players in Teams.

LaunchDarkly

LaunchDarkly allows us to create, organize, and maintain feature flags at any scale.

Datadog

Datadog is a managed logging and cloud monitoring service that makes it easy for us to track the usage of our products and easily debug errors when they occur. We use Datadog to centralize both frontend and backend logs, which provides us with a holistic view of everything happening across all of our various services.


System overview and security summary

Q: What data does LS store for Teams?
A: Name, password, email, and public IP. The following is also stored to improve the user experience through NPS collection and feature tracking: browser, device type, OS, hostname, country, viewport width, viewport height, timezone, user roles, and user ID.

Q: What data does LS store for Training?
A: Name, password, email, job title, job location, department, and public IP.

Q: How does Living Security store data at rest?
A: Data at rest is encrypted with AES-256.

Q: How does Living Security encrypt data in transit?
A: Data in transit is encrypted with TLS 1.3.

Q: Where does Living Security store data for Training?
A: In AWS us-east-1. Subprocessors also store data in AWS eu-west-1 (Hotjar, app user monitoring).

Q: Where does Living Security store data for Teams?
A: In AWS us-east-1. Subprocessors also store data in AWS eu-west-1 (Hotjar, app user monitoring) and Google Cloud us-central1 (Firebase, used to synchronize the experience).

Q: Who is the Platform as a Service provider?
A: AWS.

Q: Where is your AWS environment located?
A: AWS us-east-1.

Q: Are you SOC certified?
A: Living Security Teams is SOC 2 Type 1 certified for its products.

Q: What is your backup policy?
A: Client session data is exported daily and sent to Snowflake for internal reporting and usage tracking.

Architecture Diagrams

[Diagram: Living Security Teams architecture]

[Diagram: Training services architecture (internal)]

Note:

Before sending a security questionnaire please review our Shared Responsibility Model.

Need to test, troubleshoot, or schedule a working session? Click here!