To ensure the integrity of TigerConnect message delivery, please implement the system requirements shown below.
AMAZON CDN
TigerConnect runs on the Amazon Web Services (AWS) elastic cloud infrastructure. Due to the nature of elastic scaling in response to dynamic throughput needs, the TigerConnect server application may communicate from a range of different IP addresses. Clients with network firewalls in place must proactively allow communications to this range of IP addresses. There are over 10 million public IP addresses contained within the AWS infrastructure. For this reason, TigerConnect strongly discourages the use of an OSI Layer 3 (network) firewall to restrict access via whitelisted IP addresses, as this may unnecessarily open the customer’s infrastructure to a wider attack surface. Rather, we encourage the use of OSI Layer 7 (application) firewall rules to restrict access and only allow HTTPS traffic to the *.tigertext.com, *.tigertext.me, *tigerconnect.com, *.med.tc domains.
Customers may decide to use OSI Layer 3 firewalls, accepting the risk inherent in whitelisting large ranges of IP addresses that may not be used for TigerConnect, including without limitation the risk of allowing access to the customer’s private network by outside parties. The list of current AWS IP addresses may be consumed in JSON format from Amazon. See https://aws.amazon.com/blogs/aws/aws-ip-ranges-json for more information.
Proxy or Firewall
Ensure that the following sites are not blocked:
NOTE: Append both ‘http://’ or ‘https:// to properly whitelist the below URLs.
- *.env-tigerconnect-premium.kinsta.cloud
- *.tigertext.com
- *.tigertext.me
- *.med.tc
If a wildcard domain is not an option, below are the Fully Qualified Domain Names (FQDNs):
- access.tigertext.com
- api.tigerconnect.com
- api.tigertext.me
- app.tigerconnect.com
- assets.tigerconnect.com
- downloads.tigertext.com
- home-static.tigertext.com
- home.tigertext.com
- idp.tigerconnect.com
- login.tigerconnect.com
- static.pro.tigertext.com
- static.tigertext.me
- tigerconnect.com
- tigertext.me
- d17gddqtitu3hh.cloudfront.net
- d18oyzjkq5093g.cloudfront.net
- d1j0wfatttsmrb.cloudfront.net
- d1n6bomzxlt9xn.cloudfront.net
- d1pja6kym1wocc.cloudfront.net
- d20fxgql1qhj06.cloudfront.net
- d2cfk2smgkkpz1.cloudfront.net
- d3gw707yjo51bv.cloudfront.net
- d3jad50r2eiw1v.cloudfront.net
- d3q3w8yum1wsen.cloudfront.net
- d4ksvvza57hut.cloudfront.net
- db5362zp12d6h.cloudfront.net
- Doypq9et62aku.cloudfront.net
- dpiu6qal3wq6l.cloudfront.net
NOTE: Similar to whitelisting all AWS IP addresses, it is the customer’s responsibility and risk should they choose to whitelist the entire *.cloudfront.net domain.
Third-party domains:
- api.mixpanel.com
- m.onelink.me
- sendgrid.net
White Listing
TigerConnect Service
The following IP addresses and ports must be allowed for outgoing (egress) traffic from your network:
Include Port: 443
54.208.152.37 |
54.208.129.17 |
54.209.103.170 |
52.8.55.232 |
52.8.75.252 |
52.9.196.218 |
Email White-Listing
Please ensure the following email addresses are whitelisted to ensure proper delivery of TigerConnect communications:
- *@*.tigertext.me
- sendgrid.net
Aliases and reply-to email addresses for TigerConnect emails:
- messages-noreply@bounce.tigertext.me
- messages@tigertext.me
- notification@tigertext.com
- password-help@tigertext.com
For LDAP Authentication Only
The following IP address and ports must be allowed for users with LDAP Authentication:
IPs |
Ports |
54.208.46.68 |
IIS – 443
LDAPS – 636 |
54.208.66.88 |
54.208.83.219 |
52.8.103.227 |
52.8.175.5 |
52.9.188.15 |
WiFi Setup
- Access Control – Users must have access to a TigerConnect-approved Wi-Fi network that does not require re-authentication.
- Mobile Wi-Fi Setup – All users must turn off “Ask to Join Networks” on their mobile devices.
- Bypass – TigerConnect does not currently support the use of HTTP Proxies or Content Filters. Traffic to the TigerConnect HTTPS and XMPP service ports must bypass HTTP Proxies and Content Filters.