Thycotic incident

Platform: Global - SAML/Federation Authentication Failures

Minor Resolved View vendor source →
Started
Apr 10, 2026, 04:11 AM UTC
Resolved
Apr 03, 2026, 10:00 PM UTC
Duration
Detected by Pingoru
Apr 10, 2026, 04:11 AM UTC

Update timeline

  1. resolved Apr 10, 2026, 04:11 AM UTC

    This incident has been resolved. SAML/Federation authentication has been fully restored for all affected tenants. A platform update deployed earlier today introduced a change that caused login failures for tenants with non-default SAML issuer settings. We apologize for the disruption and will be publishing a full post-incident review. Investigating We have received reports of SAML/Federation users being unable to log in to their Delinea Platform tenants. We are actively investigating the issue and will provide updates as more information becomes available. Tenants using username/password authentication are not affected at this time.

  2. postmortem Apr 10, 2026, 04:47 AM UTC

    ### Incident Overview On Friday, April 3rd, 2026, a subset of SAML/Federation users were unable to authenticate to their Delinea Platform tenants. The issue was first reported at approximately 5:01 PM ET and was fully resolved by 8:38 PM ET following a rollback of a recent platform update. Tenants using the default SAML issuer configuration were not impacted. Customers with local \(non-SAML\) accounts retained access throughout the incident via breakglass or local admin credentials. ### Root Cause A platform update deployed at approximately 4:20 PM ET introduced a code change that inadvertently caused custom SAML authentication configurations to not be correctly applied for affected tenants. This resulted in authentication failures for tenants that relied on a custom SAML issuer, while tenants using default settings were unaffected. A contributing factor was insufficient test coverage for this specific authentication scenario prior to the global rollout of the update. ### Preventive Actions * A code fix is being implemented to ensure custom SAML authentication configurations are correctly applied in all cases going forward. * Automated test coverage is being expanded to include SAML authentication scenarios with custom configurations to prevent similar issues in future releases.

Looking to track Thycotic downtime and outages?

Pingoru polls Thycotic's status page every 5 minutes and alerts you the moment it reports an issue — before your customers do.

  • Real-time alerts when Thycotic reports an incident
  • Email, Slack, Discord, Microsoft Teams, and webhook notifications
  • Track Thycotic alongside 5,000+ providers in one dashboard
  • Component-level filtering
  • Notification groups + maintenance calendar
Start monitoring Thycotic for free

5 free monitors · No credit card required