KSAT - Login Issues
Incident Report for KnowBe4
Postmortem

On Tuesday, November 19, 2024, from approximately 12:48 p.m. to 1:22 p.m. (UTC), some customers were unable to log into the KSAT console using SAML single sign-on (SSO).

This issue was caused by an update that added code to validate the expiration date of SAML single sign-on (SSO) certificates sent during login from the user’s identity provider (IdP). Some IdP certificate expiration dates did not pass this validation and the user’s login was blocked as a result. To resolve this issue, we rolled back this update to allow those certificates to be used to process the SSO in the SAML authentication so that users could log in. The KSAT console returned to normal performance by 1:22 p.m. (UTC).

To prevent this type of issue in the future, we are implementing this additional certificate validation as an optional opt-in feature in a future update.

No data loss occurred as a result of this issue.

Posted Nov 27, 2024 - 18:37 UTC
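
One way to stage a certificate-validity check like the one described in this postmortem, as an added example (not KnowBe4's code): invalid IdP certificates block login only for tenants that have opted in, and a dry run lists who would be locked out before enforcement is widened. The `IdpCert` fields, tenant names, 30-day warning window and dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class IdpCert:
    tenant: str            # hypothetical tenant identifier
    not_before: datetime   # start of certificate validity (UTC)
    not_after: datetime    # end of certificate validity (UTC)
    enforce: bool          # tenant has opted in to expiry enforcement

def check_cert(cert, now, warn_days=30):
    """Return (allow_login, state) for one IdP signing certificate."""
    if now < cert.not_before:
        state = "not_yet_valid"
    elif now > cert.not_after:
        state = "expired"
    elif cert.not_after - now <= timedelta(days=warn_days):
        state = "expiring_soon"
    else:
        state = "valid"
    invalid = state in ("expired", "not_yet_valid")
    # Only opted-in tenants are blocked; for everyone else the state is
    # returned for logging and customer notification (report-only mode).
    allow = not (invalid and cert.enforce)
    return allow, state

def dry_run(certs, now):
    """Tenants that would be locked out if enforcement applied to all."""
    return sorted(c.tenant for c in certs
                  if check_cert(c, now)[1] in ("expired", "not_yet_valid"))

# Constructed sample data, not taken from the incident.
NOW = datetime(2024, 11, 19, 12, 48, tzinfo=timezone.utc)
SAMPLE = [
    IdpCert("tenant-a", NOW - timedelta(days=400), NOW - timedelta(days=35), False),
    IdpCert("tenant-b", NOW - timedelta(days=400), NOW - timedelta(days=35), True),
    IdpCert("tenant-c", NOW - timedelta(days=100), NOW + timedelta(days=10), True),
    IdpCert("tenant-d", NOW - timedelta(days=100), NOW + timedelta(days=265), True),
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c.tenant, check_cert(c, NOW))
    print("would be locked out:", dry_run(SAMPLE, NOW))
```

Running the dry run against production certificate metadata before a release shows how many tenants a blanket rollout would affect.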

Resolved
This incident has been resolved. We've removed code that validates expiration dates for customer SAML/SSO certificates, and we'll be adding that validation as an optional opt-in feature in the future.
Posted Nov 19, 2024 - 22:06 UTC
Monitoring
A fix has been implemented for this issue and we are monitoring the results.
Posted Nov 19, 2024 - 13:46 UTC
Investigating
We've received reports that some KSAT customers who are using SAML/SSO are unable to log in to their consoles. We are investigating and will update this page when we have more information.
Posted Nov 19, 2024 - 13:06 UTC
This incident affected: KnowBe4 Security Awareness Training (KSAT) (Console).