We are pleased to announce support for a new world class Single Sign-On (SSO) framework at Pipefy. Companies on an Enterprise tier of service can now elect to manage identity with a seamless integration of their current in-house services with little if any need for custom code.
Switching our authentication services
On December 27th, 2018, we enabled authentication services through Auth0, an industry leader in authentication and authorization as a service. Some of the best practices we adopted with this release include:
Auth0's standard for access delegation and authorization, among other things securely granting user access without exposing any credentials.
Open ID Connect identity layer siting on top of OAuth 2 that allows easy validation of user's id as well as basic profile information.
JSON Web Tokens open standard defining compact and self-contained way of transmitting information securely.
SAML allowing Enterprise customers to communicate user authentication and authorization to Pipefy so their employees to use it.
WS-Federation defining the way security tokens can be transported between different entities exchanging identity and authorization information.
As a result of this changeover, all active sessions were expired with previously-stored login information preserved. For instance, existing account password and MFA recovery codes remained the same.
Request to set-up your current Authenticator app
After the migration, all Pipefy users with two-factor authentication previously enabled are requested to activate a new token generation (just after first login) using an authenticator mobile app that can be the same one they used before (along with its previous associated recovery codes).
This step is mandatory in order to regain access to accounts after the migration.
For any Pipefy user that enables multi-factor authentication, they'll be asked to set-up the token generation using any of the recommended mobile authenticator apps after their first login. [hyperlink]Reference our article on MFA if you need more details.
How to request new recovery codes
After authenticating yourself as a Pipefy user, to request new recovery codes you should access the User settings menu item, clicking in your profile picture in the upper right corner of any screen, then on user settings.
Within your user settings screen, click on the 'generate new ones' to request new codes. This operation deprecates all your previously generated codes, making them unusable.
This operation is only needed when your old codes have all already been used or lost. Please, save a copy of those codes in a safe location. In case you don't know how many recovery codes you already used, feel free to generate new ones.
How to request Enterprise SSO
Enterprise SSO setup is available on a scheduled basis. If you're interested at understanding more about this setup and step by step process, click here to check out the How to enable and use Enterprise Single Sign-On (SSO) article for more details.
How your browser settings might prevent login
If you begin facing difficulties logging in after the migration, there are very specific browser settings that may prevent you from logging in to Pipefy successfully.
If that's your case, click here to check out the Custom browser security settings can prevent log-in to Pipefy article for more details.
How to configure your firewall / proxy to login successfully
In case your company has a firewall or a proxy, please make sure the following domains and its subdomains are allowed:
*.pipefy.com
*.staticpipefy.com
*.auth0.com
* means that it should include all subdomains.
How to report new issues
If you start facing difficulties logging in after the migration or your company is currently using Enterprise SSO and you would like to report any issue, please contact our Support team using links you will typically find on the lower right of any page or footer on our site or product.