Application security
      Back to home
      1. IRIS Clarity Help Centre
      2. Technical documentation
      3. Application security

      Whitelisting and SSL inspection

      If your company enforces security measures via a firewall, proxy server or anti-virus, you may need to whitelist IRIS Clarity in your settings to allow the application to work.

      Validating whitelist policies

      To validate that URLs and SSL inspection have been whitelisted effectively, visit https://app.iris.audio/ in your browser and check that the certificate is issued to *.iris.audio and issued by SSL.com

      Whitelist URLs

      IRIS Clarity must have a persistent connection between our server and the app. To do so, IRIS Clarity connects to our server URL over port 443.

      Proxies and firewalls can sometimes interrupt this connection. If someone using IRIS Clarity can’t connect from a specific location, or if there’s a server connection failure in the application, you’ll need to adjust your proxy or firewall to keep the connection to IRIS Clarity open. 

      Add the below URL to the allowlist on your proxy or firewall:

      • app.iris.audio/*

      For app versions 1.10.5 and below, visit Whitelisting URLS for older versions of IRIS Clarity for the full list of IRIS server URLs. 

      SSL Pinning

      The Clarity application implements SSL certificate pinning to protect against man-in-the-middle attacks. If you are using a proxy server running SSL decryption, you must exempt the IRIS Clarity application or requests from the iris.audio domain from SSL inspection to allow connections to pass through. 

      Certificate verification within IRIS Clarity may make additional calls to check a Certificate Revocation List (CRL). If you are still experiencing connectivity issues related to SSL inspection, whitelist crls.ssl.com

       

      Please note that all CRL Distribution Points (CRLDP) are http, NOT https. This is to ensure that requests for CRLs do not create a chicken-and-egg problem where you need to download a CRL to verify the certificate for the connection to download the CRL. 🐓

      Anti-virus software

      If you use Kaspersky or other similar antivirus software it can block the audio connection to the microphone leading to no microphone audio.

      Whitelist ClarityAudioServiceExe.exe in your anti-virus software.