Andrew Wood
Articles
-
Video: PIN as an MFA method demo
Version Affected: All Description: This video shows how to setup and configure PIN as an MFA method Cause: PIN can be useful in circumstances where a phone is not allowed in a secure environ...
-
Video: Risk Confidence engine with Level of Assurance Demo
Version Affected: 24.04 Description: Demo of how the new Level of Assurance engine can improve your security and reduce friction Cause: Reach out to your CSM for more information Resoluti...
-
Accept Method missing from Multi-Factor Methods tab in Advanced Settings
Version Affected: 20.06 onwards Description: When trying to configured multifactor methods, when the Request Type is set to Accept/Deny, you should be also able to choose between "User pushes Ac...
-
Enforce Password Change and Minimum Password Age
Version Affected: 20.06+ Description: From 20.06 HF11 onwards, we introduced a fix to prevent Users from bypassing the minimum password age setting in AD. Prior to this, the Enforce Password ch...
-
PEAP RADIUS ERROR EAPSession: Failed to load SSL Session
Version Affected: 22 Description: Our more recent RADIUS servers support PEAP. However, when trying to connect, you see this error in the RADIUS logs ERROR EAPSession: Failed to load SSL Sessio...
-
SAML Consumer with SP Init Realms
Version Affected: All Description: When Federating with another IdP, if the Users don't already exist in a Datastore connected to SecureAuth, you need to set the DataStore to No Data Store. Wit...
-
X-Frame-Options Header being set to SAMEORIGIN
Version Affected: 19.07.x and above Description: In 19.07.x SecureAuth is setting an extra header called X-Frame-Options with a value of SAMEORIGIN. This can break the use of iFrames. Cause: O...
-
How to increase the allowed clock skew for API calls
Version Affected: All Description: We have a default clock skew of 1 minute for calls to the Authentication API. This should be sufficient and we don't recommend increasing it. Instead, all th...
-
Internal: Connector Config Decrypt
Version Affected: All Description: When troubleshooting Connector issues, it's sometimes helpful to be able to decrypt the Connector Config so that you can see if the correct settings have been ...
-
Wrong ACS URL when setting SAML SSO
Version Affected: All Description: When configuring SAML SSO Identity Provider, the ACS URL in the UI is different to the ACS URL in the Metadata Cause: There is a bug with Vanity domains th...