To ensure the integrity of TigerConnect message delivery, please implement the system requirements shown below.
AMAZON CDN
TigerConnect runs on the Amazon Web Services (AWS) elastic cloud infrastructure. Due to the nature of elastic scaling in response to dynamic throughput needs, the TigerConnect server application may communicate from a range of different IP addresses. Clients with network firewalls in place must proactively allow communications to this range of IP addresses. There are over 10 million public IP addresses contained within the AWS infrastructure. For this reason, TigerConnect strongly discourages the use of an OSI Layer 3 (network) firewall to restrict access via whitelisted IP addresses, as this may unnecessarily open the customer’s infrastructure to a wider attack surface. Rather, we encourage the use of OSI Layer 7 (application) firewall rules to restrict access and only allow HTTPS traffic to the *.tigertext.com, *.tigertext.me, *tigerconnect.com, *.med.tc domains.
Customers may decide to use OSI Layer 3 firewalls, accepting the risk inherent in whitelisting large ranges of IP addresses that may not be used for TigerConnect, including without limitation the risk of allowing access to the customer’s private network by outside parties. The list of current AWS IP addresses may be consumed in JSON format from Amazon. See https://aws.amazon.com/blogs/aws/aws-ip-ranges-json for more information.
Proxy or Firewall
Ensure that the following sites are not blocked:
NOTE: Append both ‘https://’ or ‘https:// to properly whitelist the below URLs.
- *.env-tigerconnect-premium.kinsta.cloud
- *.tigertext.com
- *.tigertext.me
- *.med.tc
If a wildcard domain is not an option, below are the Fully Qualified Domain Names (FQDNs):
- access.tigertext.com
- api.tigerconnect.com
- api.tigertext.me
- app.tigerconnect.com
- assets.tigerconnect.com
- downloads.tigertext.com
- home-static.tigertext.com
- home.tigertext.com
- idp.tigerconnect.com
- login.tigerconnect.com
- static.pro.tigertext.com
- static.tigertext.me
- tigerconnect.com
- tigertext.me
- d17gddqtitu3hh.cloudfront.net
- d18oyzjkq5093g.cloudfront.net
- d1j0wfatttsmrb.cloudfront.net
- d1n6bomzxlt9xn.cloudfront.net
- d1pja6kym1wocc.cloudfront.net
- d20fxgql1qhj06.cloudfront.net
- d2cfk2smgkkpz1.cloudfront.net
- d3gw707yjo51bv.cloudfront.net
- d3jad50r2eiw1v.cloudfront.net
- d3q3w8yum1wsen.cloudfront.net
- d4ksvvza57hut.cloudfront.net
- db5362zp12d6h.cloudfront.net
- Doypq9et62aku.cloudfront.net
- dpiu6qal3wq6l.cloudfront.net
NOTE: Similar to whitelisting all AWS IP addresses, it is the customer’s responsibility and risk should they choose to whitelist the entire *.cloudfront.net domain.
Third-party domains:
- api.mixpanel.com
- m.onelink.me
- sendgrid.net
White Listing
TigerConnect Service
The following IP addresses and ports must be allowed for outgoing (egress) traffic from your network:
Include Port: 443
54.208.152.37 |
54.208.129.17 |
54.209.103.170 |
52.8.55.232 |
52.8.75.252 |
52.9.196.218 |
Email White-Listing
Please ensure the following email addresses are whitelisted to ensure proper delivery of TigerConnect communications:
- *@*.tigertext.me
- sendgrid.net
Aliases and reply-to email addresses for TigerConnect emails:
- messages-noreply@bounce.tigertext.me
- messages@tigertext.me
- notification@tigertext.com
- password-help@tigertext.com
For LDAP Authentication Only
The following IP address and ports must be allowed for users with LDAP Authentication:
IPs |
Ports |
54.208.46.68 |
IIS – 443
LDAPS – 636 |
54.208.66.88 |
54.208.83.219 |
52.8.103.227 |
52.8.175.5 |
52.9.188.15 |
WiFi Setup
- Access Control – Users must have access to a TigerConnect-approved Wi-Fi network that does not require re-authentication.
- Mobile Wi-Fi Setup – All users must turn off “Ask to Join Networks” on their mobile devices.
- Bypass – TigerConnect does not currently support the use of HTTP Proxies or Content Filters. Traffic to the TigerConnect HTTPS and XMPP service ports must bypass HTTP Proxies and Content Filters.
Advanced Network/Firewall Requirements – Third Party Services
These additional requirements are utilized in our mobile client applications for iOS, iPad OS, and Android versions of the TigerConnect applications. To ensure proper serviceability of the TigerConnect ecosystem, the following applications listed in the table below need to be defined in your network and security service definitions for TigerConnect.
NOTE: ALL CONNECTIONS LISTED BELOW ARE EGREES/OUTBOUND FROM THE TIGERCONNECT CLIENT APPLICATION
Application & Purpose |
IP/PORT/FQDN |
TigerConnect
Voice/Video and Patient Engagement |
Media Signaling
● global.vss.twilio.com
Media Servers
● 34.203.254.0 – 34.203.254.255
● 54.172.60.0 – 54.172.61.255
● 34.203.250.0 – 34.203.251.255
● 3.235.111.128 – 3.235.111.2551
● 34.216.110.128 – 34.216.110.159
● 54.244.51.0 – 54.244.51.255
● 44.234.69.0 – 44.234.69.1271
Ports
● 10,000 – 60,000 UDP
● 443 UDP
● 3478 UDP |
LaunchDarkly
Controls rollout of new features within the TigerConnect mobile client applications |
https://app.launchdarkly.com/api/v2/public-ip-list
FQDNs
● app.launchdarkly.com
● stream.launchdarkly.com
● clientstream.launchdarkly.com
● events.launchdarkly.com
● mobile.launchdarkly.com
● sdk.launchdarkly.com
● clientsdk.launchdarkly.com
Ports
● 443 UDP |
Pendo Analytics
Utilized for tracking end-user application interactions |
FQDN
● www.myPeoplenet.com
IP Addresses
● 64.94.3.200
● 64.94.3.207
● 64.94.3.210
Ports
● 80 UDP
● 443 UDP |
Sentry
Used for Application Performance Monitoring |
FQDN
· o4505999279980544.ingest.sentry.io
IP Addresses
· 34.120.195.249/32
· 34.123.195.156/32
Ports
· 443 UDP |