About Outbound Communications
Imprivata Appliance
A fully licensed and enabled Imprivata appliance needs to contact the remote communication sites identified below to communicate with licensed services such as Insight, Imprivata Cloud Token Service, Imprivata Enterprise Access Management for MFA (formerly Imprivata Confirm ID), and log transmittal.
Cloud IP addresses change frequently. Some firewalls may only be able to limit the outbound traffic by destination port (443) and protocol (TCP). Many firewalls are unable to limit traffic based on FQDN.
Port | Protocol | Direction | Host | Description |
---|---|---|---|---|
443 | HTTPS | Outbound | icps.imprivata.com | Imprivata Confirm ID certificate server. Used when initially configuring the Imprivata Confirm ID certificate |
443 | HTTPS | Outbound | osmul.imprivata.com | OneSign Insight metrics server. Collects Insight data |
443 | HTTPS | Outbound | oslful.imprivata.com | Imprivata Support log file server. Used when submitting log files directly from Imprivata Appliance Console only when requested by Imprivata Support |
443 | HTTPS | Outbound | rpapi.cts.imprivata.com | Imprivata Cloud Token Service. Used by Imprivata Confirm ID for user services |
443 | HTTPS | Outbound | api.digicert.com | DigiCert server required for Individual identity proofing |
| | HTTP | Outbound | http://ocsp.digicert.com | DigiCert server required for revocation checking via the online certificate status protocol |
| | HTTP | Outbound | http://ocsptest.digicert.com | Non-production DigiCert server for revocation checking via the online certificate status protocol. For test computers only.¹ |
443 | HTTPS | Outbound | www.digicert.com | DigiCert identity proofing: required to access the token URL in the enrollment utility. |
443 | HTTPS | Outbound | *.amazonaws.com | A connection to Amazon S3 is needed for the Imprivata appliance to update the DigiCert metadata (e.g. the client certificate). This is required for Individual identity proofing of new users.¹ |
443 | HTTPS | Outbound | *.cloud.imprivata.com | Connection to the Imprivata Cloud, allows communication from users outside the firewall to Imprivata OneSign inside the firewall. |
¹ Test computers in a non-production enterprise use a test DigiCert server for revocation checking. If communication to the test DigiCert host is blocked, the user may see an alert in the Imprivata Admin Console that the DigiCert service is down. Functionality is not blocked; revocation checking will not occur.
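The following added example (not Imprivata code) audits an egress log against the HTTPS hosts in the appliance table above, reporting documented destinations that are being denied and allowed destinations that fall outside the documented set. The log line format, the sample entries, the function names, and the wildcard rule (`*.` matches subdomains only, on a label boundary) are assumptions made for illustration.

```python
from collections import namedtuple

# Hosts from the Imprivata appliance table on this page (all HTTPS/443).
# The two OCSP rows list HTTP without a port, so they are left out here.
APPLIANCE_ALLOWLIST = """
icps.imprivata.com osmul.imprivata.com oslful.imprivata.com
rpapi.cts.imprivata.com api.digicert.com www.digicert.com
*.amazonaws.com *.cloud.imprivata.com
""".split()
Event = namedtuple("Event", "action host port")

def host_matches(pattern, host):
    """Match an FQDN against an exact name or a '*.' wildcard on a label boundary."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # Assumed rule: '*.a.com' covers x.a.com, not a.com itself or nota.com.
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern

def parse_line(line):
    """Parse one constructed log line: '<ts> <ALLOW|DENY> <src> -> <host>:<port>'."""
    parts = line.split()
    host, _, port = parts[4].rpartition(":")
    return Event(parts[1], host, int(port))

def audit(lines, allowlist=APPLIANCE_ALLOWLIST, port=443):
    """Return (blocked_required, allowed_unlisted) host sets for a log excerpt."""
    blocked, unlisted = set(), set()
    for ev in map(parse_line, lines):
        listed = ev.port == port and any(host_matches(p, ev.host) for p in allowlist)
        if listed and ev.action == "DENY":
            blocked.add(ev.host)    # documented destination is being dropped
        elif not listed and ev.action == "ALLOW":
            unlisted.add(ev.host)   # egress wider than the documented set
    return blocked, unlisted

# Constructed sample log (format, source address and hosts are illustrative).
SAMPLE_LOG = [
    "2024-01-01T00:00:01Z ALLOW 10.0.0.5 -> icps.imprivata.com:443",
    "2024-01-01T00:00:02Z DENY 10.0.0.5 -> rpapi.cts.imprivata.com:443",
    "2024-01-01T00:00:03Z ALLOW 10.0.0.5 -> bucket.s3.amazonaws.com:443",
    "2024-01-01T00:00:04Z ALLOW 10.0.0.5 -> cloud.imprivata.com:443",
    "2024-01-01T00:00:05Z ALLOW 10.0.0.5 -> updates.example.net:443",
    "2024-01-01T00:00:06Z DENY 10.0.0.5 -> api.digicert.com:443",
]

if __name__ == "__main__":
    blocked, unlisted = audit(SAMPLE_LOG)
    print("denied:", sorted(blocked), "| undocumented:", sorted(unlisted))
```

Firewall products differ in how they interpret wildcard FQDN objects, so confirm the matching rule against the device in use before relying on the result.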
Imprivata Cortext Server
Imprivata Cortext is a scalable, redundant communications platform. To ensure proper communication, Imprivata Cortext uses fully qualified domain names (FQDN) rather than individual IP addresses to create exception rules through the corporate firewall. The IP addresses used by Imprivata Cortext are highly dynamic, and configuring static IP addresses can cause communication disruptions when an IP address changes.
Imprivata Cortext does not support proxy servers.
For more information on Imprivata Cortext, contact the Imprivata Customer Experience Center.
FQDN Required to Pass Through Corporate Firewalls
To ensure Imprivata Cortext functions correctly in their network environments, clients must allow the following FQDNs to pass through the corporate firewall:
Port | Protocol | Direction | Host | Description |
---|---|---|---|---|
443 | HTTPS | Outbound | update.cortext.com | Software version updates |
443 | HTTPS | Outbound | static.cortext.com | Documentation storage |
443 | HTTPS | Outbound | admin.cortext.com | Administrator portal |
443 | HTTPS | Outbound | media.cortext.com | Image storage |
443 | HTTPS | Outbound | cortext.com | Imprivata Cortext communication platform |
443 | HTTPS | Outbound | msgws.cortext.com | Authentication service |
443 | HTTPS | Outbound | start.cortext.com | New user registration |
443 | HTTPS | Outbound | cortext.imprivata.com | Web client |
443 | HTTPS | Outbound | api.cortext.com | Cortext API |
FQDN Required to Pass Through Corporate Firewalls for Clients using Directory Connector
Clients who use Directory Connector for Imprivata Cortext must allow the following FQDNs to pass through the corporate firewall to ensure Imprivata Cortext functions correctly:
Port | Protocol | Direction | Host | Description |
---|---|---|---|---|
443 | HTTPS | Outbound | adauth.cortext.com | Active Directory authorization |
443 | HTTPS | Outbound | dc.cortext.com | Directory connector service |