Problem
The Cycle login process uses the Cycle Labs Azure B2C instance to complete the authentication process and grant an access token for using Cycle.
If the machine Cycle is installed on is behind a firewall or proxy, Cycle may not be able to reach the Cycle Labs Azure B2C authentication instance.
Certain firewall or proxy configurations may possibly prevent the authentication process from working properly and you may experience issues using the Cycle application.
Cycle may fail to redirect you to the login page and stay in a "Loading..." state as pictured below:
Solution
The sections below describe several different network configurations that might need to be modified or addressed in order to complete the authentication process and secure an access token.
URL Whitelisting
Web traffic to the URLs listed below needs to be allowed to complete the authentication process and secure an access token. If your firewall is preventing communication with any of the URLs listed below, the authentication process may not be able to properly complete.
Please work with your organization's IT team to whitelist the following URLs:
- https://cyclelabsproduction.b2clogin.com/
- https://app.cyclelabs.io/
- https://userflow.cyclelabs.io
- https://events.cyclelabs.io
- https://content.product.cyclelabs.io
- https://data.product.cyclelabs.io
- https://graph.windows.net
- https://graph.microsoft.com
Please Note: Attempting to navigate to the URLs listed above is not sufficient in determining if your network firewall is preventing or allowing the necessary communication. Your organization's network team will need to examine the web traffic to the URLs during Cycle authentication and whitelist the URLs if they are being blocked.
We understand your network team may require some additional information on the specific URLs that need to be whitelisted. In some instances, you may need to know the IP address associated with the URL. Some of the URLs have static IP assignments whereas others have dynamic IP assignments and are subject to change. Please find additional IP information for the URLs below. If you need any additional information about any of these URLs, please reach out to
help@cyclelabs.io, and we will provide you the additional information.
- https://cyclelabsproduction.b2clogin.com/ - CNAME record pointing to prda.aadg.msidentity.com which points to a pool of A records with various IP addresses that are dynamic and subject to change.
- https://app.cyclelabs.io/ - CNAME record pointing to cyclecloud.azurewebsites.net. This sits on a static public IP of 20.119.16.35.
- https://userflow.cyclelabs.io - CNAME record pointing to cycleuserflow.azurewebsites.net. This sits on a static public IP of 20.119.0.44.
- https://events.cyclelabs.io - CNAME record pointing to cycleeventproxy.azurewebsites.net. This sits on a static public IP of 20.119.8.29.
- https://content.product.cyclelabs.io - CNAME record pointing to our Pendo site which points to a pool of A records with various IP addresses that are dynamic and subject to change.
- https://data.product.cyclelabs.io - CNAME record pointing to our Pendo site which points to a single IP that is dynamic and subject to change.
- https://graph.windows.net - Microsoft-controlled IP address that is dynamic and subject to change.
- https://graph.microsoft.com/ - Microsoft-controlled IP address that is dynamic and subject to change.
Allow SSL Traffic or Disable SSL Inspection
Network security platforms such as Zscaler can prevent SSL traffic required by Cycle in order to secure an authorization token after logging in. Your organization's network team should be able to inspect the traffic that is passing through Zscaler at the time of authentication and allow any blocked traffic.
Please ensure your network security platform is not blocking SSL traffic to the Cycle application. If so, please have your network team create a rule to allow Cycle SSL traffic or disable SSL inspection on Cycle network traffic.
Make Cycle Proxy-Aware
If the device you are running Cycle on is behind a web proxy, you will need to make Cycle proxy aware so that the authentication process can complete and an access token can be retrieved from the Azure B2C server.