At Effectory, we are dedicated to helping organizations utilize our services to their fullest potential. In this comprehensive guide, we provide detailed information on the technical requirements necessary for seamless integration and optimal performance. In this article, you will find:
- Using Effectory’s services in the best way possible
- Whitelisting our servers
- Using accessible web servers
- Single Sign-On
- Multi-Factor Authentication (MFA)
- Employee data (HRIS) integrations
- Supported browsers
- Testing your environment
- Further support
Using Effectory’s services in the best way possible
At Effectory, we facilitate organizations in retrieving employee feedback through our tools and services. To ensure smooth operation, it is crucial that organizations meet our technical requirements.
When a survey starts, we send e-mail invitations to all participants, containing a hyperlink to access the questionnaire. Similarly, when the survey results are made available, we invite coordinators and respondents to view them through our online dashboard.
The settings below are crucial to guarantee that these e-mails are delivered smoothly and that our online environments can be accessed as intended.
Prevent these common issues first
- Ensure rate limiters are set to at least 300.
- Set connection limits to a minimum of 40.
- Turn off spam filters for Effectory emails.
- Implement denial of service prevention measures.
- Web content filtering for the resources used in the survey.
- Consider filters like Microsoft Outlook Focused Inbox or Google tabbed Mailbox.
- Address grey listing issues.
If you have any questions, feel free to contact your Customer Success Manager or our Helpdesk via helpdesk@effectory.com.
Whitelisting our servers
To facilitate smooth communication during survey periods, it's essential to whitelist our servers to receive emails correctly. We provide detailed requirements based on e-mail address, FQDN e-mail server, and IP e-mail server.
Based on e-mail address: | Based on FQDN e-mail server: | Based on IP e-mail server: |
---|---|---|
@effectory.nl | mail4.effectory.nl | 87.253.233.35 |
bnc3.mailjet.com | 185.211.120.208 |
Using accessible web servers
Access to our web servers is vital for using our tools effectively. Please ensure that the following web servers are accessible and properly configured:
Web servers | |
---|---|
https://survey.effectory.com | https://login.effectory.com |
https://myfeedback.effectory.com | https://questionnaire-webapi.effectory.com |
https://ecestore.effectory.com | https://my-reporting.effectory.com |
https://reporting-webapi.effectory.com | https://signin.effectory.com |
https://my.effectory.com | https://az416426.vo.msecnd.net |
https://dc.services.visualstudio.com | https://widget.effectory.com |
https://participant-exchange.service.signalr.net | https://myeffectory-project.service.signalr.net |
https://results.service.signalr.net | https://coremailings.blob.core.windows.net |
Web servers specifically used for InternetSpiegel | |
---|---|
https://internetspiegel.survey.effectory.com | https://login.internetspiegel.effectory.com |
https://myfeedback.internetspiegel.effectory.com | https://my-reporting-internetspiegel.effectory.com |
https://my.internetspiegel.effectory.com |
Configuration requirements
To ensure optimal functionality, please verify the following settings on your browser and network:
- Accessibility: Ensure that the web servers listed above are not blocked by any firewalls or network restrictions.
- Third-party cookies: Make sure your browser is configured to allow third-party cookies.
- Local storage: Ensure that local storage is enabled in your browser settings.
- Trusted sites: Add the necessary web servers to your list of trusted sites.
We cannot perform these checks automatically, so please confirm that these settings are correctly configured. Failure to do so may result in limited functionality or an inability to use specific applications.
Single Sign-On
We support and recommend the use of Single Sign-On to securely access our systems. This section provides general requirements for SSO and specific instructions for integration with Azure Active Directory/Microsoft Entra ID, OpenID Connect, SURFconext, and ADFS.
General requirements for Single Sign-On
To be able to use Single Sign-On without issues, we need specific data delivered to us. Please make sure to deliver the User Principal Name (UPN) to us when being asked for employee data.
SSO with Azure Active Directory/Microsoft Entra ID
Follow these steps if you're using Azure AD/Microsoft Entra ID.
SSO with OpenID Connect
If you use an OpenID Connect protocol, please send the requirements listed below to helpdesk@effectory.com and then proceed to configure a client for Effectory in your identity provider.
When setting up the configuration in your identity provider, take into account the following:
- Effectory supports: The implicit and the authorization code flow in OpenID Connect.
- Claims required: A claim with the name “email” is required for authentication. The claims “given_name” and “family_name” are not required, but preferable.
- Scopes: Two scopes will be used to get the required information: ‘openid’ and ‘profile’.
- Callback URL: The callback URL used will be https://signin.effectory.com/openid/[identifier]/callback, where [identifier] is the unique identifier for your identity provider.
We recommend arranging a test account so that Effectory’s development team can test the SSO implementation before enabling it for everyone.
OpenID Connect SSO requirements
To set up the configuration required, the following needs to be provided to Effectory:
- An identifier for your identity provider, to be used by Effectory. A unique identifier is required to discern between different identity providers. This identifier will then be used in the login URL (https://signin.effectory.com/identifier) and in the callback URL. Provide your unique identifier using only alphanumeric characters, and no special characters or diacritics.
- The list of domain names that are used in your provider. Please provide a comma-separated list of domains, e.g.: @example.com,@domain.com,@company.com. It is currently not possible to use private e-mail address like Gmail.
- The e-mail address of the technical contact, that can be contacted in case of questions or issues.
- Share the OpenID well-known endpoint. This is your authority URL followed by ‘/.well-known/openid configuration’, e.g. https://login.domain.com/.well-known/openid-configuration.
- Share your ClientId, a unique ID in your identity provider that allows Effectory to communicate with it and authenticate.
- If you are using authorization code, provide the client secret generated by your identity provider. Make sure not to share this via e-mail. Instead, upload it to a secure location like My Effectory.
SSO with SURFconext
Effectory supports SSO with SURFconext. If your organization uses SURFconext, send an email to helpdesk@effectory.com and ask for a SURFconext integration. Make sure that you provide the following information:
- Your organization's name as known by SURFconext or the EntityID from the SURFconext metadata.
- The list of domain names used in your provider (comma-separated). Please note that it is currently not possible to use private e-mail address like Gmail.
- The e-mail address of your technical contact.
SSO with ADFS
ADFS starting from Windows Server 2016 (v4.0) is supported when you use the OpenID Connect protocol.
Unsupported systems and protocols for SSO
Effectory does not support the SAML protocol and does not support ADFS 3.0 or below.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication is required by default for Central and Employee Coordinators to be able to log into My Effectory.
For Project, Local, Result Access Coordinators, and Employees, this extra security feature is enabled by default. However, Central Coordinators can access the Multi-factor authentication settings in My Effectory, where they can enable or disable this feature per role.
Please note that if you are using Single Sign-On, you will have to set up your own MFA and cannot use the Effectory protocol.
Employee data (HRIS) integrations
HRIS integration (or employee integration) is a strategic alternative designed to automate the process of importing employee data into our platform. For organizations with extensive employee data, this option offers numerous benefits:
- Data exchanges are automated.
- It’s less error prone.
- Your employee information stays up to date.
- Saves time for you and your Customer Success Manager.
- Enables continuous projects.
My Effectory supports 20+ native HRIS integrations, and we are constantly working on expanding the list. Find the up-to-date list here.
Requirements and responsibilities
Download the documentation for an AFAS integration
Download the documentation for a file-based (SFTP) integration
Download the documentation for a Personio integration
Download the documentation for a SAP SuccessFactors integration
Supported browsers
Desktop
Edge
2 most recent major versions
(preferred)
Chrome
2 most recent major versions
Safari
2 most recent major versions
Firefox
latest and extended support release (ESR)
Mobile and tablet
Chrome
2 most recent major versions
Safari
2 most recent major versions
Chrome
2 most recent major versions
Firefox
latest and extended support release (ESR)
Testing your environment
Ensure compatibility and functionality by testing your environment using our questionnaire demo environment, available in both Dutch and English:
Further support
For any assistance or clarifications regarding technical requirements, your Customer Success Manager and our Helpdesk are here to help. Reach out to us for personalized support and guidance!
Comments
Please sign in to leave a comment.