PSB Portal user migration to shared F-Secure authentication service - login flow change happens earl
Migration goals and benefits
The goals of the portal user migration process are:
- Enable two factor authentication for PSB users
- Enable now the use of PSB and RDR portal with single credential
- Enable later use of multiple F-Secure services with single credentials (e.g. PSB Portal, RDS Portal, Partner Portal 2)
Migration will be run in 3 phases:
- Migration of data and identification of conflicting users: In this phase all user credentials are moved from PSB portal to shared F-Secure authentication service. During this phase, F-Secure has identified that less than 1% of accounts had conflicts.
- Informing: The administrators of partners and companies are clearly informed that certain users have conflicts by a red banner on PSB Home page (below).
Clicking on the banner leads to the Account page where all conflicting users are grouped under a new tab. By clicking on a user, a text inform to activate the new accounts that have been automatically created (below).
During this second phase, the login flow has not yet been modified.
- Activating the new login flow: The authentication is changed to happen against the shared F-Secure authentication service. The PSB login screen is modified to only request the user name.
The password is entered on the next login screen.
User with conflicts will be guided to take their new user name into use. If PSB detects that the username belonged to a conflicting user, it redirect to a page informing the user and automatically sending an email to activate the new account.
What should I do now?
There is just one thing that you need to do: please verify that your user account has a proper e-mail address configured into use. By having a valid email configured for your user, you will guarantee your access to PSB portals in all possible problem cases.
Note: If the portal informs you that the email address is already in use you should modify it as in: [email protected]> [email protected]
For more information about the "+tag" sub-addressing (for more information see https://en.wikipedia.org/wiki/Email_address#Subaddressing). Emails will be sent to your email without a tag to maximize compatibility with mail servers.
- REST API integration will not work with users that have enabled 2FA.
What will change after first phase is done?
- Username and password will stay same for almost all users.
- There are some few hundred usernames that are duplicate in the European region due to F-Secure running multiple PSB portals. Our migration process will create a new user for every duplicate user automatically and inform about the new user with the email used by that user. You can take the new user into use immediately when receiving the email about it.
- When creating new users, you must provide both an unique username and email. If you need to have multiple users with same email, you can use the "+tag" sub-addressing (for more information see https://en.wikipedia.org/wiki/Email_address#Subaddressing) by entering you second email in format [email protected] instead of the original [email protected] Emails will be sent to your email without a tag to maximize compatibility with mail servers.
What if I cannot login to PSB portal after login flow change is done?
There are following ways to get access back
- Try to reset your password. If you receive the reset password email, you can set a new password and continue the use.
- If someone else has working users for the same account, they can create you a new user.
- Contact the re-seller who you bought the service, so they can help you.
- F-Secure support can only help you in case your company information has a working email and phone number in F-Secure CRM system.
we are now running the migrations in EMEA portals and those users who do not have unique usernames (e.g. you have username John for both EMEA1 and EMEA2 portals) between EMEA1-3 PSB portals, RDS and Partner Portal 2, will be receiving emails like following:
Please take this new user into use, as the old one will stop working when we switch the authentication flows to use the shared F-Secure authentication service. Old user can be still used, but it will stop working later when we do the switch.
due to unfortunate error some of the emails for the conflicting users included a link to old PSB portals instead of the correct password reset link. We are very sorry for this.
If you got this email with link to old PSB portal (no emea in the URL), you can get the new user into use by following the link in email to the login page and then ask for new password reset link with the "Forgot password" functionality. This new email will have correct link to set the password.
so we are finally enough confident on the process that we have deviced that the targeted date for this 1st phase change is 28th of August 2018.
So unless nothing changes, it will happen during that day for all PSB portals.
PS. Here are also the pictures of the 2 visual changes in PSB portal after the 1st phase change happens:
#1 - Login flow happens via shared F-Secure Business Account login service (Oneid)
#2 - You can enable 2FA from the My account page1
sorry, but due to some findings we are not able to make the 1st phase change on 28th of August, but it is instead delayed to middle of September. We will let you know the new date a bit later.
due to delay in the finalization of first phase we have now seen a new problem for some customers creating new users with spaces in them. These will end up sending a new user within 15 minutes where spaces are replaced with _ character.
So what is happening here:
1. User "Firstname Lastname" was created to PSB portal and it starts to work normally, as it is only created to PSB portal at this point.
2. As we haven't been able to switch to F-Secure authentication service yet, we have live migration running constantly to create users also to F-Secure authentication service. This is executed once every 15 minutes. Live migration tries to create user " Firstname Lastname", but F-Secure authentication service rejects it as it doesn't support spaces. So our migration tries to solve the situation. In this case only way was to create the user without spaces.
--> So this is where the new user, Firstname_Lastname, got created.
Please take the Firstname_Lastname user into use and delete the one with spaces. Once we go live with the F-Secure authentication service flows the user with space cannot anymore login to the system.
as many of you have noticed we did not manage to get this change rolled out during September and nor in October. We just kept finding more and more corner cases that forced us to implement proper conflicting user handling process. This new process is going to be rolled out to production during this week. And currently we are looking at changing the login flows earliest on 7th of November. This might still be delayed depending on how quickly these conflicting users get handled.
For detailed new information go to the opening post at https://community.f-secure.com/t5/Protection/PSB-Portal-user-migration-to/m-p/108739/highlight/true#M1106
we have removed the conflict handling login flow from all EMEA PSB portals and Apac and Amer will follow still this week. Now the login on PSB portal login page will just have a button that takes you to the shared authentication service where you enter the username and password.