Connectivity
If you filter outbound web traffic from your network, you may need to whitelist Groove.id. The following provides information about the connectivity requirements for Groove.id to work.
Please note that this may change from time to time. You may notice that many of the hostnames listed here resolve to the same set of IP addresses. Please do not rely on this fact.
Web Console
To use Groove.id, web users must be able to access the following URLs, all on TCP port 443:
https://groove.id
https://auth.groove.id
https://api.groove.id
https://static.groove.id
- Your canonical URL, which will match the pattern
https://*.auth.groove.id
. - Each of the vanity URLs that are configured, e.g.
https://signin.example.com
orhttps://salesforce.example.com
The connections to https://api.groove.id
rely on WebSockets, which may cause problems with some HTTPS man-in-the-middle proxies. You may need to disable man-in-the-middle for https://api.groove.id
.
SSH agent
The Groove.id SSH Agent needs to communicate with https://api.groove.id
on TCP port 443 as well as the vanity URL that you provide during the installation process. (e.g. https://signin.example.com
)
Active Directory
The Groove.id Active Directory Agent needs only to communicate with https://api.groove.id
on TCP port 443.
Linux Local User service
The Groove.id Local User service needs only to communicate with https://api.groove.id
on TCP port 443.
RADIUS
The Groove.id RADIUS proxy needs only to communicate with https://api.groove.id
on TCP port 443.
LDAP
If you use the LDAP configuration, your devices will need to contact auth.groove.id
on TCP port 636.