Minimum Browser Support Changes
Over the last 12-15 months, several vulnerabilities have surfaced that specifically target the secure connection established between a user’s browser and the various web sites and applications that have become indispensable to our professional and personal lives. As new vulnerabilities surface, technologies that in the past were considered “highly secure” become less so, and providers must update their systems to address this. In addition, security standards and frameworks are becoming more explicit in their requirements around SSL/TLS technologies in an effort to reduce exposure to these same vulnerabilities.
These types of configuration changes have a direct impact on which browsers end users can use to connect to OneLogin, and in the case of some, like Internet Explorer, the operating system they use. Therefore, we are providing you advance notice that we will be making updates to our systems that will disable support for browsers using TLS 1.0. We are currently targeting these changes to take effect by April 30, 2016 (target changed to March 27, 2017 on July 19, 2016) which should provide you enough time to evaluate and take action as needed.
In some cases, a browser configuration change will be sufficient, and in others you will need to migrate to a different browser version. We highly recommend that you upgrade to the latest version of any of the major supported browsers, which use TLS 1.2 and have additional built-in safeguards to protect against known attacks.
Again, these changes are required to better protect your secure communications with OneLogin, and it has the added benefit of reducing your security risks when connecting to other web sites and applications.
In order to stay informed of these changes and others, please follow this section of the OneLogin Help Center.