Puzzel Agent Application, Ticketing and WFM

Puzzel’s agent application (PAA) is our web-based user interface for agents. Agents use PAA to respond to enquiries from all channels (voice, chat, email, and social media), and is easily accessed through

The requirements for the agent application are solely browser based and does not have a .NET framework requirement nor hardware or operating system requirement.

Browser Requirements for PAA

The agent web application should in general function in most updated Internet browsers, but we only test and support the versions listed below. Among these we recommend the Chrome browser since it supports our Softphone-related feature of Jabra headset integration.

Browser Lowest Version Supported
Google Chrome 81
Microsoft Edge (Chromium) 81

    Configuring Browsers

    JavaScript must be enabled in the browser.

    The agent application uses cookies, therefor cookies should be enabled in the browser. By signing in to the agent application, the user accepts the use of cookies.

    Name Resolution | DNS

    Agent Application

    The agent application will require name resolution via DNS for the following addresses for access:

    Agent Assist

    The agent application used with Puzzel's agent assist will require name resolution via DNS for the following addresses for access in addition:

    • agentassistwidget.puzzel.io
    • agentassistbackend.puzzel.io
    • knowledgeadmin.puzzel.io
    • knowledgebase.puzzel.io
    • contacts.puzzel.io


    When the agent signs in to the agent application, it establishes contact with the trigger-server on port 443 using SignalR over the https-protocol and waits for a response.

    The agent application will display screen popup information for incoming calls, chats, e-mails and social media requests. It automatically detects if a firewall terminates the https-connection (for example if the “time to live”-value has expired), and then tries to re-establish the https-connection.

    For browsers supporting websockets (e.g. Chrome) in addition to https, the following must be opened in the firewall.

    The agent application will display a notification for incoming calls, chats, e-mails and social media requests. The notifications are based on the Notifications API and may not be supported in all browsers.

    Verifying connection to the trigger server

    To verify the trigger server in the agent application, write: https://agent.puzzel.com/

    Open the developer tool in the browser (F12) and press the tab Console.

    You will typically see an entry like:

    [triggerClient-1385652327723] TriggerServer Connected to server, sending Logon..
    [triggerClient-1385652327726] onStateChanged([object Object]) - Connected
    [triggerClient-1385652327728] TriggerServer Connection started
    2018-12-17 10:17:35.343 INFO [trigger] Connect 
    app-bundle-ff35dbd746.js:1 2018-12-17 10:17:35.351 INFO [trigger] State changed: connecting 
    app-bundle-ff35dbd746.js:1 2018-12-17 10:17:35.609 INFO [trigger] State changed: connected 
    app-bundle-ff35dbd746.js:1 2018-12-17 10:17:35.610 INFO [trigger] Started


    The agent application portal is only available through the https protocol. Most companies allow this traffic through their firewalls, but some customers will only permit https traffic to trusted sites. The trusted site-list is configured on the customer’s site.

    As of August 31st, 2020, the agent application is planned to be hosted on Azure. This means that for the agent application to work through the customer-firewall, the customer must permit traffic towards both Puzzel’s data centres and the relevant Azure regions.

    Puzzel recommend that customers with a strict firewall policy configure their firewall to allow traffic to the DNS names used by Puzzel. Since Azure is designed for redundancy across multiple regions, the services are not assigned a fixed IP-address. By configuring the firewall to allow traffic to the DNS name, the IP used can be dynamically allowed based on DNS. This mitigates the need to configure a large number of IP-subnets on the firewall.

    The minimum requirement for utilizing the agent application is to allow https-traffic (both inbound and outbound) on port 443 towards DNS names https://agent.puzzel.com and https://trigger.puzzel.com. To allow for future service expansions, it is recommended to allow traffic to all sub-domains under puzzel.com: https://*.puzzel.com.

    As an alternative to configuring the firewall to allow traffic based on DNS, it is possible to configure firewall rules based on IP address. In this case it is required to configure the firewall to allow https traffic on port 443 to all the relevant IPs for Azure in addition to the public IP address used by Puzzel’s data centres.

    The IP ranges used by Azure’s datacenters are available in a machine readable format here: https://www.microsoft.com/en-us/download/details.aspx?id=56519.

    The minimum requirement for utilising the agent application is to allow https-traffic (both inbound and outbound) on port 443 towards IP ranges specified for AzureCloud.WestEurope, AzureCloud.NorthEurope, AzureCloud.NorwayEast and AzureCloud.NorwayWest as well as IP network prefix used by Puzzel Private Cloud.

    For browsers supporting websockets (e.g. Chrome), the URL for this is wss://trigger.puzzel.com:443

    Web-based lookups 

    A request can be set up to trigger web-based lookups from our platforms event handler. These lookups will be sent from the following public IP-address ranges:


    A softphone is embedded in the agent application and enables agents to answer calls from the solutions queues using a phone build into the application, instead of using an external phone (usually with a landline or mobile phone). Softphone utilizes WebRTC-technology to transfer the conversations audio using the agent’s internet browser and internet connection as a carrier.

    Softphone has a cost and requires a setup by Puzzel. Softphone can be activated on some or all agents, based on your needs. Please contact your key account manager for further information regarding prices and cost.

    It is recommended to start testing softphone with only one or two agents to begin with, and eventually extend the number of users. The agent is required to allow the agent application access to use the computers microphone device when answering a Softphone call for the first time, for Softphone to function correctly. This is requested through a popup in the browser but can also be accessed through the content settings in Chrome (chrome://settings/content).

    Agents can toggle between logging on with a softphone or an external phone in the agent application, and calls can be answered manually or with auto answer (a setting in the applications menu).

    Softphone requires that agents have a sufficient and stable internet access, preferably on a wired connection.

    Our WebRTC implementations use G.711 (audio) codecs with the following specifications:

    • 8 kHz sampling frequency
    • 64 kbit/s bitrate (8 kHz sampling frequency × 8 bits per sample
    • Typical algorithmic delay is 0.125 ms, with no look-ahead delay
    • G.711 is a waveform speech coder
    • G.711 Appendix I defines a packet loss concealment (PLC) algorithm to help hide transmission losses in a packetized network

    Softphone-related firewall-requirements

    The customer firewall should allow these traffics for Softphone service:


    There are other factors worth considering when there are problems related to softphone:

    • Various firewall-settings
    • Pop-up blockers
    • Intrusion Detection Systems (IDS)
    • Access-filters in routers
    • Load-balancers
    We are in general not supporting terminal servers and Citrix-based solutions. We have customers using our agent application through Citrix, but the setup and management is entirely on our customers side to understand and handle. As far as we know, no customers are handling Softphone through Citrix due to bandwidth restrictions etc.


    The amount of web traffic between the agent application and the Puzzel platform, depends on many factors. Some important factors are:

    • Which features in the agent application are most frequently used by the agent
    • The number of queues in the customer’s Puzzel-solution
    • The periodic queue refresh configuration (how often refresh)
    • How often the agent manually refreshes in the agent application
    • The number of calls/emails/chats per day to each agent
    • The number of status changes per day (Log on/off/pause/back)
    • How often the agent uses contact search
    Puzzel Agent Application
    Description Amount of data sent/received Update frequency
    Status < 1 KB for status Updated automatically every 5th sec


    Agent Normally sees the Queue overview in the agent application

    Depends on the number of queues. Approx. 0,4KB per queue + 1KB “overhead”.
    Example: 5 queues = 5x0,4KB + 1KB = 3KB
    By default, updated automatically every 10th sec
    Other Activity Status change, call commands, < 1KB
    Search: depends on result set, typically around 10kB.
    On agent action

    If the available bandwidth for Puzzel is too small, this will of course affect the agent application. Automatic queue updating and actions like log on/off or transfer calls will take relatively longer time.


    Customers using Puzzel-Salesforce integration CTI adapter, should note that Puzzel will initiate the request towards Salesforce during SSO process originating from Auth.puzzel.com.

    In order for the adapter to be accessible, customers firewalls must allow access to the IP address range [[ –] as source.

    Basic requirements for Puzzel Case Management[Puzzel Ticketing]

    Browser and domain requirements for Puzzel Case Management

    Browser Lowest Version Supported
    Google Chrome 72
    Opera 63
    Firefox 68
    Microsoft Edge (Chromium) 81


    Please note that the browser requirements mentioned in the above table is for Puzzel Case Management standalone. In an integrated setup, it will align with the Puzzel Agent Application browser requirements.
    Adding our SPF record

    You will need to add the SPF record for your domain in the following way:

    1. Log in to the control panel for your domain or mail server
    2. Open your DNS configuration settings and edit your zone file
    3. If you have no current SPF record, Add the following as a .TXT record: v=spf1 include:spf.logicalware.com ~all
    4. If you already have an SPF record, please modify your existing record as follows:

            Include our SPF value at the beginning of your current record: v=spf1 include:spf.logicalware.com (followed by any other records) ~all

    1. Save your changes
    Adding our DKIM record:
    1. Log in to the control panel for your domain or mail server
    2. Open your DNS configuration settings and edit your zone file
    3. Add a CNAME record:
      • hostname: lw._domainkey.domain.com
      • record: lw.domainkey.logicalware.com
    4. Save your changes.

      Attachment size limit in Puzzel Case Management

      Below are the attachment size limits Puzzel Case Management

      •    Incoming email max size: 50MB
      •    Incoming email max attachment size: 50MB
      •    Outgoing email max size: 40MB

      All mentioned sizes includes encoding which adds 30% to the total size. So an image of 10MB will be encoded to be 13-14 MB. Please keep in mind that Puzzel Case Management is using Amazon Web Services and needs to comply to their limits, with reference to the FAQ section of AWS.

      Processing and storage of data in Puzzel Case Management

      Puzzel Case Management location used for processing and storage of data is primarily "AWS region Europe Ireland". The services used are RDS, S3 and Elastic Search.

      In addition to the AWS Ireland infrastructure, new Puzzel Case Management solutions can also be set up in 'Data Centre 1: Puzzel DC 1, Oslo, Norway'. Here, both application and data storage operations are exclusively maintained within this infrastructure, without interfacing with any public cloud services.
      In addition to the above mentioned services, the AWS global services Route 53 and Registrar are used for DNS. As global services, these are not confined to a specific geographic location and also do not store any customer data.
      More details about how AWS enforces privacy of customer’s data is documented here:  https://aws.amazon.com/compliance/data-privacy-faq/.

      For in-depth details on Puzzel's Oslo data centre specifications, refer to: https://help.puzzel.com/product-documents/technical-specs/basic-requirements/puzzel-agent-application-ticketing-and-wfm

      Contact Puzzel Helpdesk for any further questions related to the above topic.

      TLS Encryption

      The Puzzel Case Management application transports outbound messages via SMTP using "Amazon AWS SES" or "Postfix" mail gateway(s).

      Furthermore, TLS 1.3 is used for data encryption and is backward compatible. For example: if an inbound message is received with TLS 1.2, TLS 1.1 or No Encryption, the response will match the same encryption methodology.

      Basic requirements for Puzzel Workforce Management

      Puzzel WFM is a web based application and can be accessed using the following URL:

      • WFM Planner Portal : https://planner.wfm.puzzel.com – Access on port 443
      • WFM Agent Portal : https://agent.wfm.puzzel.com – Access on port 443
      Browser requirements for Puzzel WFM

      Puzzel WFM supports all major web browsers.

      Browser Supported versions
      Google Chrome Latest
      Firefox latest and extended support release (ESR)
      Microsoft Edge (Chromium) Two most recent major versions
      Edge Two most recent major versions


      24/08/2020 - 13:10

      Last updated

      13/10/2023 - 10:08