Security

MiraBridge Phone is designed with a security-first mindset. The system follows modern web security practices and minimizes the data exposure surface by ensuring that all sensitive operations are performed within the agent’s browser or through secure, authorized API calls.


Data Flow and Isolation

  • No server-to-server CRM connection
    MiraBridge Phone runs entirely in the browser and does not directly access or store CRM data on MiraBridge servers.

  • All CRM operations are performed locally
    Actions like screen pops or record updates are executed in the context of the logged-in CRM user via browser-based APIs.

  • Genesys data is accessed via OAuth
    MiraBridge uses an OAuth Client ID configured in your Genesys Cloud environment to authorize access. All access tokens are handled in-browser and never sent to MiraBridge servers.


Session Privacy

  • Anonymous sessions
    Sessions are created with no agent-identifying information. The session ID is a UUID and does not contain usernames, emails, or any sensitive agent data.

  • License consumption is tracked per session
    Licenses are assigned to anonymous sessions. If a session disconnects unexpectedly, the license is released after a timeout (see Licensing for details).


Authentication and Authorization

  • Genesys OAuth only
    MiraBridge does not perform its own authentication. All API calls to Genesys Cloud are made by the agent’s browser using a valid Genesys access token.

  • Role-based access in Genesys
    Access to the embedded widget is controlled using Genesys roles and permissions. Only users with the appropriate role can launch MiraBridge Phone.
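
One way to check the claim above that Genesys access tokens are used only by the agent's browser against Genesys Cloud and are never sent to MiraBridge servers is to audit a HAR capture exported from the browser's developer tools. This is an added example, not MiraBridge code; the host names and the sample capture are constructed placeholders, and the allowed suffix must be replaced with the Genesys Cloud domain for your region.

```javascript
// Added example: flag requests in a HAR capture that carry an OAuth token
// to any host outside the allowed (Genesys Cloud) domain suffixes.

// Match on a label boundary so "notgenesys-region.example" is not accepted.
function hostAllowed(host, suffixes) {
  const h = host.toLowerCase();
  return suffixes.some((s) => h === s || h.endsWith('.' + s));
}

// List the places in one HAR request object where a token is visible.
function tokenCarriers(req) {
  const found = [];
  for (const h of req.headers || []) {
    if (h.name.toLowerCase() === 'authorization' && /^bearer\s+\S+/i.test(h.value)) {
      found.push('Authorization header');
    }
  }
  if (new URL(req.url).searchParams.has('access_token')) {
    found.push('access_token query parameter');
  }
  const body = (req.postData && req.postData.text) || '';
  if (/access_token/i.test(body)) found.push('access_token in request body');
  return found;
}

// Return one finding per token sighting on a non-allowed host.
// The reported URL is cut at "?" so the finding does not repeat the token.
function findTokenLeaks(har, allowedSuffixes) {
  const leaks = [];
  for (const entry of har.log.entries) {
    const host = new URL(entry.request.url).hostname;
    if (hostAllowed(host, allowedSuffixes)) continue;
    for (const where of tokenCarriers(entry.request)) {
      leaks.push({ host, where, url: entry.request.url.split('?')[0] });
    }
  }
  return leaks;
}

// Constructed sample capture (placeholder hosts and token values).
const sampleHar = { log: { entries: [
  { request: { url: 'https://api.genesys-region.example/api/v2/users/me',
               headers: [{ name: 'Authorization', value: 'Bearer CONSTRUCTED' }] } },
  { request: { url: 'https://widget.vendor.example/app.js', headers: [] } },
  { request: { url: 'https://widget.vendor.example/session?access_token=CONSTRUCTED', headers: [] } },
  { request: { url: 'https://notgenesys-region.example/x',
               headers: [{ name: 'authorization', value: 'bearer CONSTRUCTED' }] } },
] } };

console.log(findTokenLeaks(sampleHar, ['genesys-region.example']));
```

An empty result on a capture of a full agent session (login, call handling, logout) is consistent with the stated token handling; any finding names the host and the location of the token for follow-up.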


Secure Hosting and Delivery

  • Static files served over HTTPS
    All MiraBridge Phone assets are served over HTTPS from a secured hosting environment. No HTTP fallback is allowed.

  • Content Security Policy (CSP)
    The widget can be configured to follow strict CSP rules depending on the CRM platform.


Browser Requirements

To ensure safe execution, MiraBridge Phone supports only modern, up-to-date browsers. See Requirements for details.


Upcoming Enhancements

Future releases will include additional security features and administrative controls:

  • Admin audit logging for comprehensive license usage tracking
  • IP allowlists to restrict access to specific network ranges
  • Referer validation to prevent unauthorized embedding
  • Enhanced session monitoring with detailed activity logs
  • Multi-factor authentication support for additional security layers
  • Custom security policies per deployment configuration

Security Compliance

MiraBridge Phone is designed to meet enterprise security requirements:

  • GDPR compliance for data processing
  • Regular security assessments and penetration testing
  • Industry-standard encryption for all data in transit

Reporting Security Issues

If you discover a security vulnerability or have security concerns:

  1. Do not report security issues through public channels
  2. Contact the MiraBridge security team directly at security@mirabridge.cloud
  3. Include detailed information about the potential vulnerability
  4. Allow reasonable time for investigation and resolution

We take security seriously and will respond promptly to legitimate security reports.