Beyond Identity incident

Windows Platform Authenticator unable to login to Microsoft Office products on Windows

Minor Resolved View vendor source →

Beyond Identity experienced a minor incident on September 22, 2023, lasting 5h 29m. The incident has been resolved; the full update timeline is below.

Started
Sep 22, 2023, 06:51 PM UTC
Resolved
Sep 23, 2023, 12:20 AM UTC
Duration
5h 29m
Detected by Pingoru
Sep 22, 2023, 06:51 PM UTC

Update timeline

  1. investigating Sep 22, 2023, 06:51 PM UTC

    We have identified an issue with the release 2.88.0 on the Windows platform when signing in to Microsoft Office applications. The web apps work just fine, but the locally installed Office apps have issues signing in with a new user. Our engineering team is investigating.

  2. identified Sep 22, 2023, 08:39 PM UTC

    The issue has been identified, and a hotfix will be released. We are tracking this issue with bug tracker BIT-1638.

  3. resolved Sep 23, 2023, 12:20 AM UTC

    A hotfix for Windows platforms has been released. The 2.88.1 version will fix the issue. Release notes can be found at https://support.beyondidentity.com/hc/en-us/articles/17749590174871-Version-2-88-1-Endpoint-Release-Notes. The postmortem will be published once the engineering team has performed it.

  4. postmortem Sep 25, 2023, 11:59 PM UTC

    # INC-232 Unable to authenticate to Microsoft apps - postmortem report # Executive Summary ## Summary Beyond Identity released endpoint version 2.88.0 on September 21st, 2023, at 11:18 PM. The Windows Platform Authenticator contained a code change that didn’t pass the correct redirection to the Microsoft webview window, breaking authentication to native Microsoft Office apps on Windows. A hotfix 2.88.1 was released on September 22nd, 2023, at 07:20 PM CDT for Windows platform to fix the issue. ## Customer Impact All customers using Windows who upgraded to the 2.88.0 version were impacted. Updating to the fixed version will fix the issue immediately. # Leadup Beyond Identity released 2.88.0 endpoints on September 21st, 2023, at 11:18 PM CDT. # Fault On Windows, authenticating to native Microsoft Office Applications was hanging in the webview window after successful authentication. # Detection A customer support ticket was opened on September 22nd, 2023, at 11:23 AM CDT. # Root causes * An unintentional change in the Microsoft webview window behavior on the Windows platform. * The code review didn’t catch the change as the impacted line was not changed directly. * Microsoft caches the login, and the QA team didn’t catch the issue. * A faulty code was released. # Mitigation and resolution * A bug was identified and fixed. * Hotfix 2.88.1 for Windows was released. # Lessons learned * \[BIT-1643\] We need to add a unit test that tests whether the content passed to this specific webview is actually a URL. * \[BIT-1644\] The end-to-end testing needs to include a case that verifies that we do a valid redirect back to the application at the end. * \[BIT-1645\] The QA team will add a pre-requisite for automated UI testing to clear potentially cached Microsoft sign-in.