SAML Authentication Security Enhancements 

Download the PDF of this article. 

In this Article
Related Articles

Overview

What’s new

Security alerts are now displayed within your SAML settings to help identify configurations that should be reviewed as part of stricter validation.

You may see critical errors (red) in your SAML configuration when settings require attention. These alerts do not necessarily mean authentication is currently failing, but they should be reviewed to help ensure continued and secure access.

What you should do

If you are an Account Admin

Account admins can review SAML security issues across all users and forms on the instance from a single page in the Admin Dashboard.

  1. Go to the Admin Dashboard and navigate to Forms > Security Issues, or go directly to: https://xxxxx.tfaforms.net/admin/forms/security-issues 
    • Replace "xxxxx" with your FormAssembly subdomain.
  2. Review the list of flagged forms. 
    • The table displays the Form Name, Form ID, Form Owner, and Issues. Hover over the listed issue to view more information about the issue identified for each flagged form.
  3. Click Review Config to view the SAML configuration details.
  4. Work with the form owner to make the necessary updates, or update the configuration directly if you have access to the form.
    • Note: To update the configuration directly, an admin must have the following permissions:
      • Allow administrator to access user's data
      • Can manage form identity providers
  5. Save the configuration.

Note: This page is only accessible to users with Admin permissions. Standard users should follow the steps in the "If you are a Standard User" section below to review their own forms.

If you are a Standard User (Form by Form Authentication)

  1. Go to the Forms with Security Issues page: https://xxxxx.tfaforms.net/forms/security-issues 
    • Replace "xxxxx" with your FormAssembly subdomain name
  2. Review any forms flagged with issues.
  3. Click Review Config to view details and make any necessary updates.
  4. Save the configuration

Note: Consider transitioning to shared SAML configurations. This allows certificates and security settings to be managed in a central location rather than updated individually for each form.

If you are using User Login SSO (Single Sign-On)

  1. Go to the Admin Dashboard > Security.
  2. Review any issues listed at the top of the page.
  3. Click View Advanced Settings to make any necessary updates.
  4. Save the configuration.

Test the SAML Configuration

You can test against the stricter validation rules and validate your setup by clicking Test Configuration on the SAML Configuration page. 


How helpful was this article?
Thank you for your review!

Terms of Service · Privacy Policy