Domain and SSL options
Introduction
This document discusses the various domain scenarios the Clinch Talent platform supports. Clinch Talent has been designed to install seamlessly into your existing infrastructure and domain structures.
However, due to the way that web cookies operate on the internet, there are a number of restrictions that apply if you want to track candidates across your web properties.
This document will use a fictitious company Acme, with a domain of acme.com.
Security
The Clinch Talent platform requires an SSL on each domain it’s hosted on.
Option 1: Default domain
Clinch Talent ships with a default domain of career-pages.com, so without any further configuration Acme’s pages are available on acme.career-pages.com.
This default domain automatically has a wildcard SSL certificate available, so no further configuration is needed, and all pages are available only on https protocol.
Pages on this domain automatically track people and content heatmaps.
Career-pages was chosen as a non-Clinch Talent-branded generic domain. In general, customers prefer to use custom options.
Option 2: Custom dedicated domain
Clinch Talent can be deployed to a custom dedicated domain, in the format <domain>. For example, Acme might choose to deploy to my-acme-career.com.
This configuration requires a domain SSL certificate from the company for the specific dedicated domain being used (my-acme-career.com).
This certificate can have Extended Validation (EV), if required.
The SSL certificate (private key, public certificate) will need to be installed onto the Clinch Talent platform. Clinch Talent Support ( support@clinchtalent.com) can assist in this process.
This means that Clinch Talent landing pages would be available on URLs like https://careers.acme.com/about.
An important limitation of this deployment option, to note, is that because there is a domain difference between acme.com and my-acme-career.com, the external tracking script won’t be able to tracking candidates behavior between the domains.
Option 3: Custom company sub-domain
Note: This is the most widely deployed and recommended option.
Clinch Talent can be deployed to a custom sub-domain, in the format, <subdomain>.<domain>. For example, Acme might choose to deploy to careers.acme.com.
This configuration requires an SSL certificate from the company. There are two options of certificates that can be used:
- A wildcard SSL for the company domain, that allows any subdomain (
*.acme.com) to use SSL (Wildcard SSL). For security reasons, Extended Validation (EV) certificates are not available for wildcard domains. - A domain SSL for the specific custom subdomain being used (
careers.acme.com). This certificate can have Extended Validation (EV).
The SSL certificate (private key, public certificate) will need to be installed onto the Clinch Talent platform. Clinch Talent Support ( support@clinchtalent.com) can assist in this process.
This means that Clinch Talent landing pages would be available on URLs like https://careers.acme.com/about.
In this configuration, because the Clinch Talent platform is on a company sub-domain, the Clinch Talent External Tracking Script, can be installed onto any other product within the company's domain, to track candidate behavior between the sites and Clinch Talent.
For example, if Acme has product pages on www.acme.com and Clinch Talent on careers.acme.com, they can track candidates that interact with both properties. This is because the Clinch Talent tracking cookie will be presented to all products with the tracking script on *.acme.com.
Summary of domain options
| Domain example |
SSL Cert Required |
Candidate Tracking |
Content Heatmaps |
External Tracking Script |
|
|---|---|---|---|---|---|
|
Default |
|
Supplied |
Yes |
Yes |
No |
|
Dedicated Domain |
|
Yes |
Yes |
Yes |
No |
|
Sub-domain |
|
Yes |
Yes |
Yes |
Yes |