Flexera One UI - All Regions - Access Disruption

Update timeline

1. investigating Mar 18, 2026, 03:36 PM UTC

   Incident Description: We experienced an issue affecting access to the Flexera One UI across North America (NA), Europe (EU), and Asia-Pacific (APAC) regions. During this time, customers attempting to start new sessions or log in to the UI may have encountered access errors. Customers who already had an active session open may have continued to access the UI, while new login attempts could fail. As a result, some users may have been unable to access the UI during the incident window. Priority: P1 Incident Start Time: March 18, 2026, 02:39 AM CT Incident End Time: March 18, 2026, 04:35 AM CT Incident Duration: 1 hour 56 minutes Restoration Activity: Our technical teams investigated the issue and identified a configuration change affecting UI access controls. The change was reverted, restoring normal access to the Flexera One UI across NA, EU, and APAC. The service has been operating normally since the fix was applied, and we continue to monitor the environment.

2. resolved Mar 18, 2026, 03:43 PM UTC

   The issue affecting access to the Flexera One UI across NA, EU, and APAC has been resolved. The service has been operating normally since the fix was implemented, and we continue to monitor the environment.

3. postmortem Mar 31, 2026, 06:34 AM UTC

   **Description:** Flexera One – UI – All Regions – Access Disruption \(HTTP 403 Errors\) **Timeframe:** March 18, 2026, 2:39 AM PDT – March 18, 2026, 4:35 AM PDT **Incident Summary** On March 18, 2026, at approximately 2:39 AM PDT, an issue was identified affecting access to the Flexera One UI across North America \(NA\), Europe \(EU\), and Asia-Pacific \(APAC\). During this period, customers attempting to start new sessions or log in to the UI may have encountered HTTP 403 errors when attempting to access the service. Customers who already had an active session open may have continued to access the UI, while new login attempts could fail. As a result, some users may have been unable to access the UI during the incident window. Technical teams began investigating immediately and confirmed that the issue was related to a recently introduced security control change that affected legitimate access requests more broadly than intended. By March 18, 2026, at approximately 4:35 AM PDT, the change had been reverted and access to the Flexera One UI was restored across all affected regions. Following validation that login and access behavior had returned to expected operation, the incident was considered resolved. **Root Cause** The incident was caused by a recently introduced security control change that behaved more broadly than intended and unintentionally blocked valid customer access requests. This prevented some customers from successfully starting new sessions or logging in to the Flexera One UI and resulted in HTTP 403 errors during the incident window. **Remediation Actions** The following actions were taken during the incident response: 1. Incident Detection and Response Initiated: Technical teams were notified of the access issue and began investigating the disruption affecting the Flexera One UI across all regions. 2. Impact Isolation: It was confirmed that the issue was affecting new login attempts and session initiation, while some existing active sessions could continue operating during the incident window. 3. Change Review and Validation: The recently introduced control change was reviewed to determine why legitimate customer access requests were being blocked. 4. Corrective Change Applied: The change responsible for the unintended blocking behavior was reverted to restore normal access. 5. Service Restoration Verification: Following the corrective action, access to the Flexera One UI was validated across affected regions and confirmed to be functioning normally. **Future Preventative Measures** This incident highlighted the importance of strong validation, coordination, and monitoring when implementing access-related control changes within a centralized configuration. Based on this experience, the following measures are being applied: 1. Change Validation and Deployment Controls: We are strengthening review, validation, and staged deployment practices for access-related control changes before they are applied more broadly. 2. Rollback and Communication Readiness: We are reinforcing rollback preparedness, stakeholder communication, and post-change monitoring to reduce the likelihood and duration of similar issues. 3. Alerting Sensitivity Review: We are reviewing alerting sensitivity to help identify unintended access disruptions sooner following similar changes.