Training Platform - Technical Details for a Successful Launch

Training Platform Technical Details

A key component of employee engagement relies on your users being able to seamlessly interact with video content and digital puzzles on and through our Online Training Platform. In an effort  to support a seamless launch and successful rollout within your organization, please review the following technical details we have put together to maximize employee engagement within our Platform.

Topics covered here:

Technical configuration:

• Browser Compatibility

• Email Whitelisting

• URL Whitelisting

• VPNs, Corporate Network Policies and Bandwidth
• SSO Details
• User Provisioning
• Sender Authentication

Browser Compatibility

The Living Security Training Platform is designed to work with most browsers but we currently only support the latest version of Microsoft Edge, Google Chrome. The Platform utilizes libraries which may not support some older versions of browsers or specific features of certain browsers, including Internet Explorer (IE).

If the majority of your company is using any older versions of these browsers - or alternative browsers like IE - please let us know right away as we are happy to work with you on messaging. If your IT department is needed to help facilitate this switch, our goal would be to start this process immediately to avoid any delays in timeline.

Ensuring Access with Edge Tracking Prevention

The “Strict” setting in Edge’s Tracking Prevention can block essential resources, which may cause parts of our platform to break. This can result in:

• Training modules showing as completed when they are not
• Dashboard errors or pages failing to load

If you encounter these issues, try one of the following solutions:

1. Switch Tracking Prevention to Balanced or Basic
2. Keep Strict enabled, but add our domains to the Exceptions list (use the [*.]domain.com format)

Email Whitelisting

The Training Platform is able to send training invitations, notifications, and other emails directly to participants. To ensure these emails do not get flagged, blocked of filtered as a phishing or spam email, please whitelist our IP addresses:

• 168.245.71.9
• 198.37.157.57
• 198.37.157.99
• 167.89.96.129
• 149.72.82.76

We also would recommend making sure that the sending domain of livingsecurity.com is allowed.

URL Whitelisting

All traffic for the following URLs need to be whitelisted before training is rolled out:

• app.livingsecurity.com port 443

• identity.livingsecurity.com port 443

• livingsecurity.com port 443

• *.livingsecurity.com port 443

• *.*.livingsecurity.com port 443

• *.contentful.com (specifically cdn.contentful.com) port 443

• *.cloudinary.com (specifically living-security-res.cloudinary.com)

• *ctfassets.net (specifically assets.ctfassets.net and images.ctfassets.net)

• platform-cdn.livingsecurity.com

• cdn.cyberescape.livingsecurity.com

• events.launchdarkly.com port 443

• app.launchdarkly.com port 443

• api.unlayer.com 443

• api.events.unlayer.com 443

The above covers the URLs we use for videos and gameplay. You can verify successful asset loading with the below links or launching the end user test module available in your platform catalog. We recommend doing this on various end user devices and networks:

• https://cdn.cyberescape.livingsecurity.com/video/Phishing_IRL_Ep1_pt1_3mbps.mp4
• https://platform-cdn.livingsecurity.com/images/email/scorecard/behavior/99.png

• https://images.ctfassets.net/2r59z1s22s5z/3qey84yTvSJSq9xNDKSBp7/b32bb16328700c71aa9748a636d592e0/CybersecurityTonight_CybersecurityIsPartOfYourJob_withTEXT_640x360.jpg?h=250

Please also whitelist our accessibility widget and our chat widget:

• Accessibility Widget (optional)
  • cdn.acsbapp.com
  • *.acsapp.com
• Hubspot Chat Widget (optional)
  • api.hubspot.com
  • forms.hubspot.com
  • livingsecurity.com/support
  • app.hubspot.com

VPNs, Corporate Network Policies and Bandwidth

These items in conjunction with each other can cause slow load times for training videos and at times, completely block a training video from opening. There is not one magic setting to prevent this since every company, user and machine has different settings and restrictions. However, you should ask if deep packet inspection and/or bandwidth restrictions are in place that prevent the successful delivery of video content from our CDN: https://cdn.cyberescape.livingsecurity.com.

Note: At this time we do not support adaptive bitrate streaming.

Also, ensure network policies support TLS 1.2 for traffic at https://cdn.cyberescape.livingsecurity.com.  Although we support TLS 1.3 for the root application (your unique URL) our CDN https://cdn.cyberescape.livingsecurity.com does not currently support TLS 1.3

SSO Details

To ensure SSO is completed in a timely manner, you will need to provide us your IDP metadata and signing certificate. Only update for the IDP metadata is the nameid with format emailAddress. You will need our SP metadata and signing certificate. It’s available upon request.

We support all SAML 2.0 identity providers and OIDC identity providers. With Okta, you can choose which you prefer to use. 

SSO Steps to Get Started:

1. Provide IDP Metadata in .txt format
2. Provide Signing Certificate in .pem or .cer format (can be sent as .txt format but must originate as .pem or .cer)
3. Provide a list of email domains you intend to use

SSO Configuration One Pager

Download Training Platform Technical Details here

User Provisioning

You can provision users for the Training Site three ways:

• Upload a CSV file
• Just in Time SSO
• SCIM

Sender Authentication

Living Security enables you to change the delivery email address of our system notifications. The default is training@app.livingsecurity.com. The authentication process involves verifying the sending domain and IP address of the email to confirm that it originated from a trusted source. This process will authorize our application to use your domain to originate emails within our applications via your specifications.

• Learn More
• Setup Guide