The creation of a new tenant would fail with an internal (undefined) error. Additionally, it was reported late in the incident investigation that changing a user to a privileged role which required MFA to be enabled also failed.
This impacted the AU, SG, US, UK, EU deployments.
1 Mar 2022, 05:30 UTC
1 Mar 2022, 07:30 UTC
During both Tenant Creation and Privilege User rights elevation uniFLOW Online requires MFA to be enabled. In the case of the tenant creation, it is the creation of the Root Tenant Admin account.
The user permissions for this action are managed by Microsoft’s Roles Based Access. It was identified that the role in use could no longer set the MFA options due to an unknown Microsoft change. The role used had the required permission and capability since MFA was introduced last year with uniFLOW Online 2021.2.
Once identified our team was able to rectify the configuration to use a new permission role with the required permission. This was tested and reviewed in accordance with our ‘Least Privilege Model’.
We apologize for the impact to affected customers. We are continuously taking steps to improve the uniFLOW Online Platform and our processes to help ensure such incidents do not occur in the future. The use case will be reviewed with the Quality Assurance and Operations teams. Testing scenarios will be investigated which will highlight such changes or failures with the Microsoft MFA process in the future.