IT Technical documentation

Table of contents

Key info

Architecture

Installation

Installation wizard

Enterprise setup

Automated installation

Parameters

Application security

Whitelisting
Anti-virus software
IP address and VPN verification
SSL pinning
Authentication

Email and password
Microsoft Entra SSO
License key

Rate limiting

Application management

Team roles and product access
Single sign-on
Remote configuration
Analytics

IRIS security

Security certifications
General security practices
Infrastructure
Monitoring and availability

FAQs


Key info

Supported OS: Windows 10, Windows 11

CPU utilisation: 1-2% per audio direction (microphone and speaker, depending on machine spec)

Memory usage: 90Mb

Installed disk space: 139Mb

Installer type: .msi

IRIS Clarity is a Windows desktop application and associated Virtual Audio Driver that intercepts and enhances audio streams across microphone and speaker. It has been purpose built to be extremely lightweight thus minimising system resource usage. 


IRIS Clarity is placed within the audio stream either by setting IRIS Clarity as the audio input and output device within a CCaaS/UCaaS calling platform, or by allowing IRIS Clarity to override the system default audio.

Installation 

After downloading the latest installation file from the account dashboard, IRIS Clarity can be installed via the installation wizard or the command line. 

Installation wizard

The installation wizard will guide you through the installation process step by step.

Enterprise setup 

For enterprise users, there are a number of optional installation parameters that can be specified in the Enterprise Configuration step.

  • Team ID - Add your team ID to manage application settings from the account dashboard.
  • SSO domain  - Add the domain that you registered when setting up SSO.
  • License key - Add your license key to enable station-based licensing.

Automated installation

IRIS Clarity can be installed via the command line or a script using msiexec.


For example, to install IRIS Clarity v1.X with no user interaction:

msiexec /i "PATH\TO\IRIS_Clarity_1.X.msi" /q /norestart

Please note that quiet installations may fail due to existing security policies or  environment configurations. You can run msiexec with no display parameters specified or minimal interactions with /passive to test the installation. 

Parameters

You can specify optional installation parameters as key value pairs.

Option

Type

Default

Description

TEAMID

string

null

Add your team ID to manage application settings from the account dashboard.

SSO_DOMAIN

string

null

Add the domain that you registered when setting up SSO.

LICENSE_KEY

string

null

Add your license key to enable station-based licensing.

LAUNCH_AFTER_INSTALL

int (0 or 1)

1

Whether IRIS Clarity launches after installation has completed.


For example, to enter your team ID and prevent IRIS Clarity from launching immediately after installation, run:

msiexec /i "IRIS_Clarity_1.X.msi" TEAMID=XXXXXX LAUNCH_AFTER_INSTALL=0 /q /norestart

Application security

Whitelisting

Please contact support@shapedbyiris.com or your sales partner for our whitelisting guide.

Anti-virus software

If you use Kaspersky or other similar antivirus software it can block the audio connection to the microphone leading to no microphone audio. If this occurs, you will need to whitelist ClarityAudioServiceExe.exe in your anti-virus software.

IP address and VPN verification

We use Google’s Intelligent Threat Protection to block all requests from known malicious IP addresses. 


In addition, we block unauthenticated requests from proxy servers and anonymised VPNs. If you would like to use IRIS Clarity with a VPN enabled, you may need to turn off the VPN to sign-in. You may then re-enable your VPN.

Alternatively, if you think that your VPN should not be blocked, please contact your sales partner to request a review of your IP address.

SSL pinning

The Clarity application implements SSL certificate pinning to protect against man-in-the-middle attacks. If you are using a proxy server that facilitates SSL inspection, you must exempt the IRIS Clarity application or requests from the iris.audio domain from SSL inspection to allow connections to pass through. 

Authentication

We provide three authentication options depending on your requirements. 

All authentication options can be protected with IP restrictions.

Email and password

At sign-up users create an account with their email and password. Passwords must have the following minimum criteria:

  • 8 characters
  • 1 lowercase letter
  • 1 uppercase letter
  • 1 number
  • 1 special character

On account creation, users are sent a link via email to verify their email address. This must be done prior to log-in. New users are invited to create an account and join a team via email. 

Microsoft Entra SSO

A team owner or admin can configure a Microsoft Entra enterprise application to support SSO from within the dashboard. Users can be invited manually or provisioned via Microsoft Entra with our Entra sync extension. Users can only log-in with their SSO credentials. There is no need for users to verify their email address or accept an invitation. 

Licence key 

Station-based authentication is our floating licence model. Users are assigned a station licence from a fixed pool on app startup, no need to log in. The IRIS Clarity application must be installed with a licence key. This key should be kept secret. 

Rate limiting

We have strong rate-limiting measures in place to reduce API abuse. We have tried to design our rate limiting in a way that will not affect normal users of the service, however if you encounter an issue please let us know at support@shapedbyiris.com.

Application management

IRIS Clarity offers a number of features to help support team owners and admins manage and monitor the application.

Team roles and product access

IRIS Clarity supports three role types:

  • Team owner
  • Team admin
  • Team user

Team owners and admins can manage team members and account settings in the account dashboard as well as view analytics.


Team users can download IRIS Clarity from the dashboard and update their password.


Only Team owners have access to view and manage billing.


Product access to IRIS Clarity can be granted or revoked for any team member from the Team page in the account dashboard

Single sign-on

SSO provides a more streamlined log-in process and enhanced security as it reduces the reuse of passwords. 


SSO can be set up by following the instructions under Settings > SAML Single Sign On (SSO) in the account dashboard


Following setup, new users can be invited to the team as usual or automatically provisioned from the Microsoft portal with Entra sync. They will not need to verify their email address and can log-in with their SSO credentials. Users will need to provide the SSO domain created during setup to log-in. This can be added as part of the installation of IRIS Clarity to remove this step.


We currently only support SSO with Microsoft Entra. If you would like to discuss an alternative provider please contact your sales partner.

Remote configuration

Application settings, such as the ability to disable Clarity, ringtone detection and echo cancellation, can be managed remotely. All application settings can be set to an initial state and then locked or hidden. 

Central app configuration

Application settings, such as the ability to disable Clarity, ringtone detection and echo cancellation, can be managed centrally from the account dashboard

Team owners and admins can create a settings profile that can be applied to individual users or to all stations if using station-based . 

Local app configuration

If you would like finer-grained control over application settings for individual stations, IRIS Clarity accepts a local app configuration file, AppConfig.json.

The AppConfig.json file should be stored here: Users/<user>/AppData/Local/IRIS_Clarity/AppConfig.json.

Contact support@shapedbyiris.com for more information on how to create a local app configuration file for your use case.

Analytics

Team owners and admins can view usage analytics within the account dashboard.


The analytics dashboard presents information on user activity, the number and duration of calls and VOIP platforms and audio devices in use while connected to IRIS clarity as well as the version of the app deployed.

IRIS security

Security certifications

IRIS is NCSC Cyber Essentials Plus certified as a business. You can find verification of IRIS’ Cyber Essentials and Cyber Essentials Plus Certificate on the NCSC website.

General security practices

  • We use automatic security vulnerability detection tools to alert us when our dependencies have known security issues, such as GitHub Advanced Security. 
  • We regularly perform internal and external vulnerability scans and application penetration tests to monitor the status of our security efforts.
  • We prefer third-party tools with strong privacy and security postures that align with our goals.
  • All developers are granted access to systems according to the principle of least privilege. 

Infrastructure

Our Cloud infrastructure is hosted by Google CLoud Platform (GCP). 

GCP’s data center operations have been accredited under:

  • ISO 27701
  • ISO/IEC 27001,  ISO/IEC 27017
  • SOC 1, SOC 2, SOC 3
  • PCI DSS

All GCP’s compliance and regulations resources can be found here


Our main servers and data stores are based in London and Belgium in GCP’s europe-west1 and europe-west2 data centers. 


Our infrastructure provides DDoS protection and threat intelligence via GCP Cloud Armor. We have auto scaling and health checks in place to ensure our services are resilient and available. We regularly backup all data to a different availability zone. 

Monitoring and availability

We are proactive about monitoring for application errors and crashes, including the use of a third-party tool, Sentry, and resolving them as quickly as possible. We strive to provide 99.99% uptime, and do offer an SLA for enterprise customers.

FAQs

What user data do you collect?

We only collect user data about who is interacting with our services so that we can monitor and improve the product, and provide faster, more effective support when issues arise. These events include API requests, sign-ins, sign-outs, etc.


More information on the type of data we collect can be found in our privacy policy.


How do I report a potential vulnerability or security concern?

Please email us at security@shapedbyiris.com and we will get back to you ASAP. 


If you have a discovery, please discretely reach out to a member of the team via email for verification, vulnerability acceptance, and remediation timeline.


We believe in responsible disclosure. At this time we do not have a bug-bounty program in place, but would like one in the future.