1. OVERVIEW
In order to integrate Concep Send with LexisNexis InterAction, some setup is required on the client side. This will involve creating an external facing URL for InterAction, purchasing and installing an SSL certificate, and completing some pre-requisites within the system.
Should you have any questions relating to this guide, please contact please contact the Implementation Manager.
2. INTERACTION REQUIREMENTS
- InterAction Version 6.2 or above
- InterAction REST API configured with external access for use by Other Applications – see “Configuring the InterAction API for Other Applications” chapter in the “Administering InterAction” documentation.
- Please refer to InterAction System Resource Guidelines to ensure your environment is configured in line with LexisNexis recommended resources.
3. CONNECTING CONCEP SEND AND INTERACTION
3.1. InterAction Prerequisites
Before implementation, it is necessary to complete some prerequisites within InterAction. The following must be completed:
- Creation of an InterAction Admin User account which will be dedicated to the Concep integration.
- This account will be used to connect to your InterAction instance and will need to be able to perform the following:
- Read system field & folder information, read/update/create contact & company records, log activities, update global additional & folder specific fields.
- Creation of the Activity Types you wish to log in InterAction i.e. Email Campaign Sent, Survey Submitted.
- Creation of global additional fields and folder specific additional fields for any data you wish to capture via surveys.
- Disabling the InterAction wildcard search criteria.
- This is recommended to maintain data integrity should partial email addresses be entered into an event registration form.
- This account will be used to connect to your InterAction instance and will need to be able to perform the following:
3.2. Creating an External Facing InterAction API endpoint
For Concep Send to be able to connect to your InterAction environment an external facing InterAction API endpoint must be setup. This external URL (e.g. https://interaction.companyname.com/InterActionAPI/) will need to run over port 443 and point to the Virtual Directory setup on the InterAction REST API Server. For additional security we request that access is locked down to Concep’s range of IP addresses.
Detailed instructions on how to configure an external facing InterAction API can be found in the chapter “Configuring the InterAction API for Other Applications” in the “Administering InterAction” documentation. If the default API endpoint is already in use by other InterAction plugin’s refer to the “Using Both Windows Integrated and InterAction Authentication and Connecting from Untrusted Domains” section of the chapter which outlines how a second Virtual Directory can be created with anonymous authentication enabled.
Please also refer to InterAction System Resource Guidelines to determine if a dedicated REST API server is recommended by LexisNexis for your InterAction environment.
Outlined below are the high-level steps that should be followed to complete the setup:
3.2.1. Create the external URL
Create an external facing URL for your instance of InterAction:
- This can be a subdomain of your business domain e.g. https://interaction.companyname.com/
- Create an A record for this domain that points to the external IP address of your firewall.
3.2.2. Link the external endpoint to your IA REST API Server
There are different ways this can be achieved, and each client’s network configuration and security requirements are different which is why we don’t give instructions for this step. In short, the URL needs to be pointed to the Virtual Directory created on the REST API Server as per the instructions outlined in the “Administering InterAction” documentation mentioned above. The diagram below shows the two methods we see most regularly used.
3.2.3. Apply the HTTPS certificate
To secure the connection you will need to have an SSL certificate for the domain you have selected (i.e. https://interaction.companyname.com/)
- Obtain an SSL certificate for the domain
- If a subdomain is used, a wildcard SSL certificate can be used.
- Install the SSL certificate within IIS on the REST API Server.
3.2.4. Add the binding to the Virtual Directory within IIS
This is so that the external request is responded to from the IIS server. The binding must be added within IIS on the server where the REST API is installed.
- Add a binding for the URL (interaction.companyname.com) to the Virtual Directory within IIS.
- Select the installed SSL certificate in the drop down.
- Set the port as 443.
For example:
Once this is complete, restart the Default Site in IIS.
Please note: If using a load balancer, update the load balancer configuration to not use SSL offloading for this service.
3.2.5. Enable InterAction Authentication
It is not possible to use integrated windows authentication with our data connection due to a restriction which enforces cross-domain security standards. Therefore, you will need to ensure that InterAction Authentication is enabled in the API Configuration section of the InterAction Administrator Tool.
3.2.6. Generate Keys
Ensure that the the password encryption key pair and the HMAC key has been generated. This can be found in the HMAC Settings section of API Configuration.
Restart the InterAction Application Service once this is complete.
3.2.7. Enable anonymous API access
Our data connector needs to be able to communicate directly with the InterAction API, for this to work, anonymous access will need to be granted. You will also need to disable the Windows Authentication setting, as this will take priority if both are enabled simultaneously. This will need to be applied to the InterActionAPI directory if this is the endpoint being used for the integration.
Please note: There are certain InterAction plugins like IMO (InterAction for Microsoft Outlook) that require Windows Authentication to be enabled. If you are using any plugins that require this, you cannot disable Windows Authentication for the InterActionAPI endpoint. If this is the case, you will need to follow the instructions outlined in the “Using Both Windows Integrated and InterAction Authentication and Connecting from Untrusted Domains” section of the “Configuring the InterAction API for Other Applications” chapter in the “Administering InterAction” documentation as outlined above.
3.2.8. Lock down the URL
Lock down the connection to InterAction endpoint on your firewall by only allowing traffic from Concep’s servers. The IP addresses you would need to allow traffic from are:
- For Clients located in US:
- 13.58.79.69
- 18.216.126.239
- 18.225.16.0
- 54.217.222.75
- 54.217.222.76
- EU and UK:
- 54.76.123.141
- 52.18.180.54
- 52.16.204.236
- 54.217.222.75
- 54.217.222.76
- AUS:
- 13.55.153.242
- 13.55.76.160
- 54.217.222.75
- 54.217.222.76
- The firewall should also only allow https traffic.
3.3. Contact Concep
Having completed the steps above, please provide Concep with the following information:
- External InterAction URL
- InterAction User Account (username) to be used for the connection
Concep will complete the setup process internally and feedback with any issues.
4. SECURITY
All client integration related data stored on Concep’s servers is located in a client specific database. The connection details to your instance of InterAction, and all passwords and other sensitive information will in addition be encrypted with unique salts for added security.
Concep takes security very seriously and is ISO27001:2013 – Information Security Management certified.
Comments
0 comments
Please sign in to leave a comment.