Tenfold Single Sign-On Login Issues

Thank you for your patience. After working closely with affected customers, we believe the issue is now resolved.

We have also confirmed that for Ping Identity, both Always Sign Assertion and Sign Response As Required under the Signature Policy must be set to true for SSO to function properly.

If you still experience log-in issues after following the steps outlined in this incident, please contact our Customer Care team for assistance.

Since we cannot determine whether customers' Identity Providers (IDPs) validate SAML signatures, our teams have proactively contacted all customers using Single Sign-On (SSO) with a SAML certificate.

While the issue has primarily affected Ping Identity customers, we have also identified potential impacts on Microsoft Active Directory Federation Service (ADFS) customers, who may need to enforce signing SAML authentication requests.

To enforce SAML request signing in ADFS, follow Microsoft's guide:
🔗 Microsoft Documentation: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/howto-enforce-signed-saml-authentication

If these solutions do not resolve the issue with your IDP, please contact our Customer Care team:
📞 Phone: +1-512-770-9100
🔗 Support Case: https://community.liveperson.com/kb/articles/1533-tenfold-voicebase-support

Summary:
Following our early morning Tenfold Unplanned Security Update—v5.30.1 Release, https://status.tenfold.com/incidents/4y87xksbfyfz, some Tenfold customers are experiencing Single Sign-On (SSO) login issues.

The most common error occurs after entering the SSO Organization or domain name in the Corporate Login tab of dashboard.tenfold.com, the UI, or the Chrome Extension. Users may see an "Invalid Signature" error, preventing them from logging in.

Who is Affected?
Some SSO customers using Tenfold have Identity Providers that do not validate SAML request signatures, resulting in unsigned signatures.

How do you fix it?
The impacted Identity Provider (IDP) currently appears to be Ping Identity. To resolve this, work with your IDP Admin to update the settings:

Ping Identity Configuration:
In PingFederate, navigate to Identity Provider → Protocol Settings → Signature Policy
Set Always Sign Assertion to true
https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_spprotocolsettingstasklet_spsignaturepolicystate.html

Microsoft Active Directory Federation Service (ADFS):
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/howto-enforce-signed-saml-authentication

If you're using a different IDP and experiencing issues, please contact our Customer Care team through either of the following channels:

Phone: +1-512-770-9100
Via Case: https://community.liveperson.com/kb/articles/1533-tenfold-voicebase-support