Recruitment Marketing Public
Introduction
This document discusses the various domain scenarios the Recruitment Marketing platform supports. The module has been designed to install seamlessly into your existing infrastructure and domain structures.
However, due to the way that web cookies operate on the internet, there are a number of restrictions that apply if you want to track candidates across your web properties.
This document will use a fictitious company, Acme, with a domain of acme.com.
Security
The Recruitment Marketing platform requires an SSL on each domain it’s hosted on.
Options
There are 3 available options, summarised below and in more detail further down the page.
Summary of domain options
| Domain example | SSL Cert Required | Candidate Tracking | Content Heatmaps | External Tracking Script | |
|---|---|---|---|---|---|
| Default | acme.career-pages.com |
Supplied | Yes | Yes | No |
| Dedicated Domain | my-acme-career.com |
Supplied | Yes | Yes | No |
| Sub-domain | careers.acme.com |
Supplied | Yes | Yes | Yes |
Default domain
Recruitment Marketing ships with a default domain of career-pages.com, so without any further configuration, Acme’s pages are available on acme.career-pages.com.
This default domain automatically has a wildcard SSL certificate available, so no further configuration is needed, and all pages are available only on https protocol.
Pages on this domain automatically track people and content heatmaps.
Career-pages was chosen as a non-Recruitment Marketing-branded generic domain. In general, customers prefer to use custom options.
Custom dedicated domain
Recruitment Marketing can be deployed to a custom dedicated domain in the format <domain>. For example, Acme might choose to deploy to my-acme-career.com.
The SSL certificate is generated on the client's behalf, via Amazon Managed Certificates. More information on this process is detailed below.
This means that Recruitment Marketing landing pages would be available on URLs like https://careers.acme.com/about.
Note: An important limitation of this deployment option is that because there is a domain difference between acme.com and my-acme-career.com, the external tracking script will not be able to track candidates' behaviour between the domains.
Custom company sub-domain
Note: This is the most widely deployed and recommended option.
Recruitment Marketing can be deployed to a custom sub-domain in the format <subdomain>.<domain>. For example, Acme might choose to deploy to careers.acme.com.
The SSL certificate is generated on the client's behalf, via Amazon Managed Certificates. More information on this process is detailed below.
This means that Recruitment Marketing landing pages would be available on URLs like https://careers.acme.com/about.
In this configuration, because the Recruitment Marketing module is on a company sub-domain, the Recruitment Marketing External Tracking Script can be installed onto any other product within the company's domain, to track candidate behaviour between the sites and Recruitment Marketing.
For example, if Acme has product pages on www.acme.com and Recruitment Marketing on careers.acme.com, they can track candidates who interact with both properties. This is because the Recruitment Marketing tracking cookie will be presented to all products with the tracking script on *.acme.com.
SSL Certificate
PageUp generates SSL certificates on clients' behalf via Amazon Web Services Managed Certificates. This is a simple process where the client’s IT team creates a DNS entry that authorises PageUp to then complete the process.
The benefits of this process is that PageUp absorbs the cost of the certificate and the certificate renews automatically each year, as long as the DNS entry is still in place.
The steps involved are:
- PageUp generates an SSL certificate and provides a DNS entry to the client.
- The client's IT team adds a DNS entry which must be completed within 72 hours.
Following successful validation, PageUp will complete the necessary provisioning steps.
FAQ
Certificates expire by nature and need to be renewed. How does this impact how we support career sites over HTTPS?
The certificates that we generate are valid for 12 months and will automatically renew for another 12 months provided the certificate remains active from the client's side. If the client revokes it on their end, then it will renew without issue.
If 3 days pass after expiry without the record being re-added, the certificate cannot be renewed.
Can the client provide the certificate for PageUp to host? Is this supported?
This is not supported as it cannot be managed in a scalable manner. For example, if certificates expire every 12 months, there will be the overhead to obtain and install a new certificate every 12 months.
The client is worried about letting PageUp create certificates and it posing a risk that SSL certificates could then be issued for any URL ending in the client's domain name. Is there any need for concern?
By adding the DNS record, the client is allowing PageUp to create certificates for the domain that they provide through the CNAME. This is by design to ensure a scalable way to manage all of our clients' SSL certificates.
Refer to AWS Certificate Manager (ACM) for more information.
PageUp uses AWS ACM to ensure that we can scale the provision and operation of SSL Certificates to all clients seamlessly.
ACM allows for quick provision, auto-renewal and no custom certs from multiple clients, suppliers and Certificate Authorities to manually manage.
The client wants us to support both careers.acme.com and www.careers.acme.com
We do not support this, and if the client is insistent then we ask them to redirect www.careers.acme.com to careers.acme.com, which is something they would have to handle with their own domain provider.