For a number of years, Fourth has trusted Salesforce to provide enterprise-level security for its Identity Management Platform (IDP) and Single-Sign-On (SSO) functionality.
In their Spring’23 release, as part of their ongoing improvements, Salesforce will make changes to their SAML framework, bringing it in line with industry standards.
There is a possibility that this change may have an impact on some integrations with the Fourth platform.
If- your users get automatically logged in to a 3rd-party or in-house app that they launch from the 'All Applications' page in the Fourth app
And - the app in question uses SP- or IDP-initiated SSO
Then - it is possible that, following the release by Salesforce, the app may no longer be able to correctly parse the updated Salesforce SAML tokens; causing login to fail for all users.
This should, however, not be a problem for modern SAML implementations.
Important Dates and Further Information
The dates for the Salesforce Spring '23 release are:
North America- 4th February 06:00 GMT
EMEA - 11th February 00:00 GMT
APAC - 11th February 17:00 GMT
More technical details about the Salesforce release can be found here. Unfortunately, this is a global change and cannot be postponed.
The quickest and easiest way to confirm whether or not this will impact a given integration is by carrying out a simple log-in/log-out test. This can only be carried out – prior to the live release date – from a sandbox environment and Fourth only has a short window in which to do this.
There is nothing required from your users or administrators.
Over the next two weeks, Fourth will contact and work directly with your 3rd-party (or internal IT team) to complete these tests:
Fourth will replicate the configuration for the app in its pre-live environment
The 3rd-party/IT team must configure access to their app for Fourth's test user with an ID provided by Fourth
They may also need to set up a new trust relationship on their IDP
Fourth will run a small set of tests and verify that access to the app is working correctly
If the tests are unsuccessful, the 3rd-party app provider may need to upgrade their implementation of SAML before the Salesforce release date in order to maintain service.
If there are any 3rd-parties who are unable to help perform the testing or who cannot carry out remedial work prior to the release date, then Fourth will directly inform all impacted customers as soon as possible so that their users can be advised.
Further Questions and Communication
We appreciate you may have additional questions. Please contact email@example.com with any queries or concerns.
Thank you in advance for your assistance and continued partnership.
The Fourth Product Team