We ended up being able to solve it by whitelisting:
*.api.oneall.com AND https://secure.oneallcdn.com (This domain is used to load the button css in the login iframe and without it the buttons don't showup.)
But that IP is good to know! Thanks!
Thanks for responding Claude,
We just added this plugin and our users are used to logging in with Facebook. We switched to this plugin to enable LinkedIn, Google, etc.
We did setup a custom edit profile page with the link option. But I was try…