To ensure seamless access to the Journey.do platform while maintaining a secure environment, we provide the following guidelines for network administrators to properly configure firewall and proxy settings. This will ensure that the necessary domains and services are whitelisted, allowing uninterrupted access. We follow industry best practices for platform security and operation, with data encrypted at rest, and rely on multi-factor authentication for sensitive information.
Network Configuration Guide:
- Whitelist Required Domains: To ensure the platform functions correctly, it's essential to whitelist the specific domains and services used by Journey.do. With these whitelisted, we can then run the platform on any device already deployed in your system, either as app or URL.
- Custom Configuration Support: If any of these domains conflict with your existing settings, please reach out to us directly. For example, our third-party providers such as logrocket are not critical to the functionality of our platform, but is used to provide support and/or enhance the feature set of Journey.do
- Device-Level Configuration: We are available to help configure the platform to fit your needs and assist in configuring device-level safety and security settings to augment network security best practices.
Security Assurance:
- Our AI and all ongoing project updates operate within secure, cloud-hosted environments. Each environment is fully secured and enables secure communication between the services.
- Every account, whether for a county, department, or caseload, is "containerized." This means that only the registered members within that specific container can access its data. This isolation ensures that each county manages its own private, secure instance.
We are committed to providing a safe, secure experience while making sure you have full control and confidence in managing your data. If you need any additional security adjustments or have specific concerns, our team is here to support you.
Please ensure that the following domains are whitelisted in your network:
Core Journey.do Domains
journey.do.journey.do.journeydo.com.journeydo.net-
.amazonaws.com(Our media, programming, and content hosted in the Amazon Cloud)
Third-Party Services Used by Journey.do
-
.iframe.ly(for rendering embedded media) -
.branch.io(for deep linking) -
.logrocket.com(for logging, error reporting, and customer support) -
.intake-lr.com(for logging and error reporting, and customer support)
Important Considerations:
-
Elastic Load Balancer:
Journey.do is hosted on Amazon Web Services (AWS) Elastic Load Balancers (ELBs), which means that the IP addresses associated with the platform may change periodically. Instead of relying on IP-based whitelisting, we recommend using the domain-based whitelisting outlined above.
-
Wildcard Domains:
Wildcards (
*) are required for several domains because subdomains might be dynamically assigned. Make sure your firewall or proxy allows wildcard entries.
Instructions for Popular Firewalls and Proxies
Example: Whitelisting on Cisco Meraki MX
-
Go to Security & SD-WAN > Content Filtering.
-
Scroll to the Whitelisted URLs section.
-
Add the following domains:
*.journey.do *.journeydo.com *.journeydo.net *.branch.io *.iframe.ly *.amazonaws.com *.logrocket.com *.intake-lr.com -
Save changes.
Example: Whitelisting on Palo Alto Networks
-
Navigate to Policies > Security.
-
Create a new rule and define the source and destination as needed.
-
In the Service/URL Category, add the domains to be whitelisted:
journey.do *.journey.do *.journeydo.com *.journeydo.net *.branch.io *.iframe.ly *.amazonaws.com *.logrocket.com *.intake-lr.com -
Apply and commit the changes.
Troubleshooting
- If users encounter issues accessing Journey.do, confirm that all the required domains have been whitelisted, especially wildcard domains.
- Check for any filtering on AWS IP ranges if you're experiencing intermittent issues, as the IPs might change due to elastic load balancing.