Ensuring Empath Works Correctly with Browser Security, DNS Filtering, and ZTNA/SASE Tools
This KB outlines the steps necessary to whitelist the Empath platform in your browser and network settings to ensure proper tracking of course progression and functionality of embedded content.
Summary
Empath relies on standard web technologies such as cookies, browser storage, and secure token exchange to track learning progress and authenticate users. Certain browser extensions, DNS filtering tools, and Zero Trust Network Access (ZTNA) or SASE solutions can interfere with these mechanisms, even if the user temporarily disables them.
This article outlines what must be whitelisted to ensure Empath functions correctly, especially for login, progress tracking, and embedded content playback.
Core Domains That Must Be Allowed
At a minimum, the following domains must be fully allowed (no inspection, rewriting, or blocking):
- app.empathmsp.com: Primary Empath application, authentication flow, and progress tracking
- empathmsp.us.frontegg.com: Authentication and identity services used by Empath
If either of these domains is blocked, rewritten, or partially inspected, users may experience:
- Login failures or repeated login prompts
- Progress not saving or resetting
- Embedded content (especially video) failing to track correctly
- Inconsistent behavior even after disabling security tools
Browser Extensions and Local Privacy Tools
Many MSPs and technicians use privacy-focused browser extensions. These are common sources of issues if Empath is not explicitly allowed.
Common Examples
- uBlock Origin
- Privacy Badger
- Ghostery
- DuckDuckGo Privacy Essentials
- Brave browser shields
- AdBlock / AdGuard
Required Action
- Disable these extensions for app.empathmsp.com
- Or explicitly allow cookies, local storage, and scripts for the site
Empath uses browser-based tokens to track progress and session state. Blocking these will prevent normal operation.
DNS Filtering and Network-Level Blocking
If your organization uses DNS filtering or IP-based controls, Empath domains must be allowed at the user level, not just globally.
Common Examples
- Pi-hole
- Cisco Umbrella
- NextDNS
- PureBlock
- Firewall-based DNS filtering
Required Action
- Ensure empathmsp.com and frontegg.com are not blocked, rewritten, or sinkholed
- If issues occur for only certain users, check per-device or per-user policies
ZTNA / SASE / Secure Web Gateway Solutions (Important)
ZTNA and SASE platforms frequently interfere with Empath authentication and tracking because they:
- Proxy or rewrite traffic
- Inspect secure sessions
- Cache identity or session state
- Continue enforcing policy even when “disabled”
This means users may still have issues even after turning the tool off.
Common Examples
- Perimeter 81
- Zscaler
- Netskope
- Cloudflare Zero Trust
- Twingate
- Palo Alto Prisma Access
- Cisco Secure Access
Required Action
In your ZTNA or SASE platform:
- Fully whitelist:
  - app.empathmsp.com
  - empathmsp.us.frontegg.com
- Exclude these domains from:
  - TLS inspection
  - URL rewriting
  - Session proxying
  - Identity injection
  - Click-time protection
- If your tool supports policy exceptions, Empath should be placed in an explicit allow / bypass rule, not just “low inspection.”
Click-Time Protection and Link Rewriting
Some email and security platforms rewrite links at click time to inspect them. This can break token-based tracking.
If your organization uses tools that rewrite URLs:
- Ensure Empath domains are excluded from link rewriting
- This applies both in email and in-browser navigation
If You’re Unsure How to Configure This
Empath cannot provide step-by-step instructions for every security product on the market.
If this article feels unfamiliar or unclear:
- Ask someone on your internal IT or security team how to whitelist a required business application
- Provide them with the domains listed above
- Explain that Empath requires standard browser cookies and authentication flows to function
Still Having Issues?
If users continue to experience problems after whitelisting:
- Verify changes are applied at the user/device level
- Test from a network without ZTNA/SASE as a control
- Open a support ticket and include:
  - The security tools in use
  - Confirmation that the required domains are whitelisted
  - Screenshots or error messages if available
- Loom Guide: https://www.loom.com/share/e6f968fc897341a18f801f15dc207c2a
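To collect evidence for the control test and the support ticket, the following Python script (an added example, not Empath's own tooling) checks each required domain for a blocked or sinkholed DNS answer and reports the TLS certificate issuer, which can be compared with the issuer seen from a network without ZTNA/SASE. Treating any non-public address as a sinkhole or proxy remap is a heuristic assumed here, and the function names are illustrative.

```python
import ipaddress
import socket
import ssl

# Domains the article says must be fully allowed.
DOMAINS = ["app.empathmsp.com", "empathmsp.us.frontegg.com"]

def classify_addresses(addrs):
    """'blocked' = no DNS answer, 'sinkholed' = a non-public answer, else 'ok'.

    Assumption: a loopback, 0.0.0.0, private or CGNAT answer for a public
    SaaS hostname means a filter or proxy replaced the real record.
    """
    if not addrs:
        return "blocked"
    if any(not ipaddress.ip_address(a).is_global for a in addrs):
        return "sinkholed"
    return "ok"

def issuer_name(cert):
    """Flatten the 'issuer' field of ssl getpeercert() into 'Org / CN'."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return " / ".join(fields[k] for k in ("organizationName", "commonName") if k in fields)

def resolve(host):
    """Resolve with the system resolver, so per-device DNS policy applies."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fetch_issuer(host, timeout=5):
    """Return the issuer of the certificate actually presented to this device."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return issuer_name(tls.getpeercert())

def check(host):
    addrs = resolve(host)
    status = classify_addresses(addrs)
    issuer = None
    if status != "blocked":
        try:
            issuer = fetch_issuer(host)
        except OSError as exc:  # includes ssl.SSLError and timeouts
            issuer = f"TLS failed: {exc}"
    return host, status, addrs, issuer

if __name__ == "__main__":
    for domain in DOMAINS:
        print(*check(domain), sep=" | ")
```

Run it once on the affected device and once on the control network. A different issuer on the affected device indicates TLS inspection is still being applied to that domain.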