Addressing Cycle 2 Authentication Issues Caused by Network Configuration
Problem
The Cycle login process uses the Cycle Labs Azure B2C instance to complete the authentication process and grant an access token for using Cycle.
If the machine Cycle is installed on is behind a firewall or proxy, Cycle may not be able to reach the Cycle Labs Azure B2C authentication instance.
Certain firewall or proxy configurations may possibly prevent the authentication process from working properly and you may experience issues using the Cycle application.
Cycle may fail to redirect you to the login page and stay in a "Loading..." state as pictured below:
Or, you may see an error message similar to the picture below after entering your username and password.
Solution
The sections below describe several different network configurations that might need to be modified or addressed in order to complete the authentication process and secure an access token.
URL Whitelisting
Web traffic to the URLs listed below needs to be allowed to complete the authentication process and secure an access token. If your firewall is preventing communication with any of the URLs listed below, the authentication process may not be able to properly complete.
Please work with your organization's IT team to whitelist the following URLs:
- https://cyclelabsproduction.b2clogin.com/
- https://app.cyclelabs.io/
- https://userflow.cyclelabs.io
- https://events.cyclelabs.io
- https://content.product.cyclelabs.io
- https://data.product.cyclelabs.io
- https://graph.windows.net
- https://graph.microsoft.com
Please Note: Attempting to navigate to the URLs listed above is not sufficient in determining if your network firewall is preventing or allowing the necessary communication. Your organization's network team will need to examine the web traffic to the URLs during Cycle authentication and whitelist the URLs if they are being blocked.
Additional information on URLs
We understand your network team may require some additional information on the specific URLs that need to be whitelisted. In some instances, you may need to know the IP address associated with the URL. Some of the URLs have static IP assignments whereas others have dynamic IP assignments and are subject to change. Please find additional IP information for the URLs below. If you need any additional information about any of these URLs, please reach out to help@cyclelabs.io, and we will provide you the additional information.
- https://cyclelabsproduction.b2clogin.com/ - CNAME record pointing to prda.aadg.msidentity.com which points to a pool of A records with various IP addresses that are dynamic and subject to change.
- https://app.cyclelabs.io/ - CNAME record pointing to cyclecloud.azurewebsites.net. This sits on a static public IP of 20.119.16.35.
- https://userflow.cyclelabs.io - CNAME record pointing to cycleuserflow.azurewebsites.net. This sits on a static public IP of 20.119.0.44.
- https://events.cyclelabs.io - CNAME record pointing to cycleeventproxy.azurewebsites.net. This sits on a static public IP of 20.119.8.29.
- https://content.product.cyclelabs.io - CNAME record pointing to our Pendo site which points to a pool of A records with various IP addresses that are dynamic and subject to change.
- https://data.product.cyclelabs.io - CNAME record pointing to our Pendo site which points to a single IP that is dynamic and subject to change.
- https://graph.windows.net - Microsoft-controlled IP address that is dynamic and subject to change.
- https://graph.microsoft.com/ - Microsoft-controlled IP address that is dynamic and subject to change.
Allow SSL Traffic or Disable SSL Inspection
Network security platforms such as Zscaler can prevent SSL traffic required by Cycle in order to secure an authorization token after logging in. Your organization's network team should be able to inspect the traffic that is passing through Zscaler at the time of authentication and allow any blocked traffic.
Please ensure your network security platform is not blocking SSL traffic to the Cycle application. If so, please have your network team create a rule to allow Cycle SSL traffic or disable SSL inspection on Cycle network traffic.
Make Cycle Proxy-Aware
If the device you are running Cycle on is behind a web proxy, you will need to make Cycle proxy aware so that the authentication process can complete and an access token can be retrieved from the Azure B2C server.
Related Articles
How to Make Cycle Proxy Aware
Certain firewall or proxy configurations may possibly prevent the Cycle authentication process from working properly, and Cycle will not be able to secure an access token. The purpose of this article is to describe the process for making Cycle proxy ...Cycle 2.17 Proxy Aware Authentication
Beginning with Cycle 2.17, there is additional functionality within Cycle to handle authentication issues when using Cycle behind a web proxy. Certain network configurations exist that prevent Cycle from being able to successfully communicate with ...Cycle 2 Install Guide
This article covers the process of installing the Cycle Client on your device and the steps required to authenticate using your Cycle Cloud credentials. The release of Cycle 2.9 kicked off our incremental move toward the cloud, leveraging more modern ...Cycle 2 Install FAQ
The Cycle install process and post-install authentication process has changed as of the release of Cycle 2.9.2. This process applies to Cycle 2.9.2 and all future versions of the Cycle 2 Application. This article contains frequently asked questions ...How to resolve "Windows Protected Your PC" message when installing Cycle
Occasionally, when first running the Cycle installer, the following error message may be encountered. To resolve this issue, simply click on the "More info" link. That will display more information about the app that is being prevented from starting. ...