Why Is OneLogin Deprecating TLS 1.0?
On June 1, 2018, OneLogin will deprecate TLS 1.0 across all its endpoints to mitigate the known security vulnerabilities discovered by the Internet Engineering Task Force. To ensure alignment with the safest and reliable security protocol, OneLogin only supports TLS 1.1 & 1.2 as of June 1, 2018. This change is enforced throughout the industry to maintain secure connections that encrypt and protect your sensitive data from malicious breaches.
What Actions Do I Need to Take?
As of October 31, 2018, Microsoft no longer supports TLS 1.1, all users must use TLS 1.2 to connect to Office 365 services. For this reason, OneLogin will likely deprecate TLS 1.1 within the same time frame. For more information, please see TLS Support at Microsoft. Microsoft provides excellent resources to remove TLS 1.0 and 1.1 from your environments, such as Solving the TLS Problem whitepaper.
We highly recommend that your users upgrade to the latest version of any major supported browsers, which use TLS 1.2 with additional built-in safeguards that protect against known attacks.
Below is a list of actions you should take before OneLogin deprecates TLS 1.0.
Note: Please read our previous announcement that details how to prepare for OneLogin's TLS 1.0 deprecation, Disabling TLS 1.0 Support.
Upgrade Active Directory Connector Important!! Only ADC versions 5.0+ support TLS 1.1+. If you're not using ADC 5.0+, upgrade your connectors prior to June 1, 2018. For more instructions on how to upgrade from ADC 4 to 5, please see Updating Active Directory Connectors.
TLS 1.2 enabled for Windows 7 Read this article for additional information on how to enable TLS 1.2: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1.1-and-tls-1.2-as-a-default-secure-protocols-in-winhttp-in-windows
Compatible Browsers To ensure you are using compatible browsers, see TLS 1.1 and 1.2 Compatible Browsers.
IE Extension To update IE Browser Extensions for Windows 7, see OneLogin Browser Extensions.
Note: Any type of host you run should support TLS 1.1, and preferably 1.2.