Tenfold experienced a major incident on March 27, 2025 affecting API and Dashboard and 1 more component, lasting 3h 21m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- identified Mar 27, 2025, 04:56 PM UTC
Summary: Following our early morning Tenfold Unplanned Security Update—v5.30.1 Release, https://status.tenfold.com/incidents/4y87xksbfyfz, some Tenfold customers are experiencing Single Sign-On (SSO) login issues. The most common error occurs after entering the SSO Organization or domain name in the Corporate Login tab of dashboard.tenfold.com, the UI, or the Chrome Extension. Users may see an "Invalid Signature" error, preventing them from logging in. Who is Affected? Some SSO customers using Tenfold have Identity Providers that do not validate SAML request signatures, resulting in unsigned signatures. How do you fix it? The impacted Identity Provider (IDP) currently appears to be Ping Identity. To resolve this, work with your IDP Admin to update the settings: Ping Identity Configuration: In PingFederate, navigate to Identity Provider → Protocol Settings → Signature Policy set Always Sign Assertion and Sign Response As Required to true are required. https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_spprotocolsettingstasklet_spsignaturepolicystate.html Microsoft Active Directory Federation Service (ADFS): https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/howto-enforce-signed-saml-authentication If you're using a different IDP and experiencing issues, please contact our Customer Care team through either of the following channels: Phone: +1-512-770-9100 Via Case: https://community.liveperson.com/kb/articles/1533-tenfold-voicebase-support
- identified Mar 27, 2025, 05:27 PM UTC
Since we cannot determine whether customers' Identity Providers (IDPs) validate SAML signatures, our teams have proactively contacted all customers using Single Sign-On (SSO) with a SAML certificate. While the issue has primarily affected Ping Identity customers, we have also identified potential impacts on Microsoft Active Directory Federation Service (ADFS) customers, who may need to enforce signing SAML authentication requests. To enforce SAML request signing in ADFS, follow Microsoft's guide: 🔗 Microsoft Documentation: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/howto-enforce-signed-saml-authentication If these solutions do not resolve the issue with your IDP, please contact our Customer Care team: 📞 Phone: +1-512-770-9100 🔗 Support Case: https://community.liveperson.com/kb/articles/1533-tenfold-voicebase-support
- resolved Mar 27, 2025, 08:18 PM UTC
Thank you for your patience. After working closely with affected customers, we believe the issue is now resolved. We have also confirmed that for Ping Identity, both Always Sign Assertion and Sign Response As Required under the Signature Policy must be set to true for SSO to function properly. If you still experience log-in issues after following the steps outlined in this incident, please contact our Customer Care team for assistance.