IT Guide: Unblocking URLs for Casebook Email and Calendar Integration

Overview:

Casebook offers powerful features such as email and calendar integrations to enhance case management workflows. To enable these features effectively, we request that your IT team unblock specific URLs to ensure uninterrupted communication between Casebook and your organization’s systems.

In this guide, we will explain the technical reasons behind the request, provide clarification on the security implications, and recommend an approach that minimizes administrative effort while maintaining necessary security controls.

Why Dynamic URLs Are Necessary:

Casebook operates on a tenant-based architecture, meaning each organization has its own unique subdomain (e.g., tenantname.casebook.net). This subdomain dynamically serves various resources related to your organization’s data. Each tenant’s Casebook site includes numerous sub-resources that handle different features and functions, such as:

Cases Management: tenantname.casebook.net/cases
Providers: tenantname.casebook.net/providers
Users: tenantname.casebook.net/users
Calendar Events: tenantname.casebook.net/calendar
Documents and Attachments: tenantname.casebook.net/files

As we continue to expand the platform, new sub-resources may be added to support additional features. Due to the dynamic and ever-expanding nature of these resources, it is impractical to maintain a fixed list of URLs that need to be unblocked.

Dynamic URL Format:

We request the use of wildcard URLs in the following format to ensure that all necessary sub-resources are accessible:

tenantname.casebook.net/*

This allows your organization’s Casebook site to serve all relevant resources without requiring constant updates to your IT department’s firewall or security configurations. The wildcard (*) ensures that all legitimate sub-resources are accessible without having to manually specify each one.

Security Implications:

We understand concerns around granting "total permissions." However, it’s important to clarify that using the dynamic URL tenantname.casebook.net/* does not give unrestricted access to external resources or bypass security measures. Here's how it works:

Scoped to Tenant: The dynamic URL only applies to your organization's specific Casebook tenant (e.g., tenantname.casebook.net). It will not affect other websites or allow access to non-Casebook domains.
Controlled Sub-Resources: The URLs that are dynamically served are limited to Casebook's own web application resources. These sub-resources are essential to the normal functionality of Casebook features such as cases, providers, users, and calendar integration.
Regular Security Audits: Casebook adheres to industry-standard security practices, including encryption, regular vulnerability assessments, and third-party audits to ensure that all sub-resources are secure. Your data remains protected even when sub-resources are dynamically loaded.

Alternative Approaches:

If your IT policies restrict the use of dynamic URLs, we can offer the following alternatives, though they may require additional administrative effort:

URL Whitelisting:
- We can provide a list of critical URLs that must be unblocked to allow core functionality. However, this list will need to be updated regularly as new features are released. This approach is more restrictive and may result in disruptions if URLs are not kept up to date.
IP Whitelisting:
- You may choose to whitelist specific IP addresses associated with Casebook’s servers. This approach ensures that requests from known trusted sources are allowed while blocking unrecognized traffic. However, this also requires regular updates.