Benevity incident

Grants Essentials Unavailable for Some Clients

Major Resolved View vendor source →

Benevity experienced a major incident on September 25, 2025, lasting —. The incident has been resolved; the full update timeline is below.

Started
Sep 25, 2025, 07:15 PM UTC
Resolved
Sep 25, 2025, 02:00 AM UTC
Duration
Detected by Pingoru
Sep 25, 2025, 07:15 PM UTC

Update timeline

  1. resolved Sep 25, 2025, 07:15 PM UTC

    From approximately 4:07pm MT to 7:53pm MT on September 24, 2025, Benevity Grants Essentials was unavailable to some clients that had a specific SSO configuration.

  2. postmortem Oct 01, 2025, 02:49 AM UTC

    ## Summary On Wednesday, September 24, 2025, clients using Auth0 Single Sign-On \(SSO\) to access the grants portal experienced a login interruption between approximately 7:06 PM and 7:49 PM Mountain Time. The interruption occurred due to an internal system update that unintentionally overwrote the correct login configurations. As a result, login requests from identity providers were not recognized, producing a "Callback URL mismatch" error message for users. Our technical team identified the issue and restored the correct settings, after which services returned to normal. The system has remained stable since the resolution. ## Impact Clients using Auth0 SSO were unable to log in to the portal during the disruption window. ## Root Cause An internal system update inadvertently replaced the correct SSO login configurations. This caused login requests from identity providers to be rejected, resulting in the "Callback URL mismatch" error message. ## Future Mitigation To reduce the risk of similar issues and strengthen platform reliability, we are implementing the following measures: * **Enhanced Monitoring & Alerting:** Improved real-time monitoring and alerting on login systems to detect and address anomalies more quickly, often before they affect clients. * **Unified Configuration Management:** Consolidation of system configurations into a single, automated source of truth. This prevents manual changes or outdated settings from being applied during updates, eliminating the root cause of this incident. ## Timeline of Events September 24th, 2025 * 19:06 MT - Login issues were identified and escalated to technical support to investigate. * 19:36 MT A severity one incident was created and investigation into the issue the issue began. * 19:50 MT - The root cause of the issue was identified. * 19:53 MT - A fixed was applied to restore access to all Auth0 users. The incident was resolved and system was fully operable.