New Login Experience - Partners with custom Branding

Created by Yves Lacombe, Modified on Thu, 05 Nov 2020 at 05:53 PM by Yves Lacombe

Proofpoint is giving the login experience a fresh new look that’s cleaner, brighter and easier to use. This update will be rolled out to production starting on Nov 9th, 2020 and will be completed by November 11th, 2020. No actions are required to receive this update.

Release dates:

Monday, Nov 9th, 2020: US5, EU1
Tuesday, Nov 10th, 2020: US1, US2
Wednesday, Nov 11th, 2020: US3, US4

NOTE: This change is strictly to the the log in experience, so only impacts administrators or end users who log into the User Interface. Silent users without UI access, or users who only use quarantine digests and don't login would not be impacted.

New brand styling

To align with the recent interface upgrade, Proofpoint has updated the branding for both branded and non-branded login experiences.

Current Style .vs. New Style

Color Scheme

Previously, only the partner’s logo was pulled from their account and used on the login landing page.

Now, the partner’s color scheme, as defined on their account, will be also used on the login page.

Partner Name

Partners can also choose to include their name on the login page, in addition to their logo.

For example, in the screenshot about it shows “Bob’s Managed Services” in between the logo and the login field.

New Login Experience

As part of the update, the user login experience has been broken into two steps (currently, the user enters both on the same page)

Step 1: The user enters their email address
Step 2: The user enters their password

Once a user fills in their email address, they will hit continue and see a 2nd page - asking for a password OR they can click on a Microsoft 365 button and auth through that tool as they do today.

A customer can choose (optionally) to force the Microsoft 365 Auth setting if they wish. If they do, the experience will be that the user lands on the login page, enters their email address and will automatically get the Microsoft credential prompt rather than having to hit the button.

Microsoft Integrated SSO

Today, users can sign into the Poofpoint Essentials portal with either a Proofpoint username and password or by manually selecting Microsoft to authenticate their account credentials.

In our new login experience, organizations can choose to force their users to authenticate with only their Microsoft credentials, creating a seamless Single Sign On experience. Users will be prompted to enter their Microsoft credentials immediately after entering their email address.

Prerequisites

In order to force users to authenticate with Microsoft, the following conditions need to be true:

The user must have an active user account in Proofpoint Essentials
The organization must be using and have synced users to Microsoft
The organization must have a valid Azure connection in Proofpoint Essentials
The following setting must be enabled (will be available after the release)

How to Enable Microsoft Integrated SSO

Go to your Proofpoint Essentials login page.
Enter your Username (email address) and click Login.
Enter Password and click Login.
Navigate to Administration > User Management > Import & Sync > Azure Active Directory
Enable Allow users to authenticate with Microsoft
Click save

Enabling this feature will direct all users (including administrators) to login using their Microsoft account.

Logging In With Microsoft Account

We will continue to allow users to manually authenticate using their Microsoft account.

PROCEDURE

Go to your Proofpoint Essentials account login page.
Enter your Username (email address) and click Login.
Click Sign in with Microsoft.
You will be redirect to a Microsoft account login page.
Enter your Microsoft credentials.
If successful, login will redirect you back to Proofpoint Essentials and you will be automatically signed into your account.

FAQ

1. If customers are already using the Office 365 Account button (on our existing page), will it continue to work?
A: Yes, however we have changed the location. Customers will need to enter their email address, click login and then Sign in with Microsoft.

2. Do these changes affect API authentication?
A: No. API auth is still through the PFPT auth (configured username/password).

3. Is there an impact to current or white-label URLs?
A: No.

4. Are there any changes to stack redirects (If a user logs into a different stack URL then they’re account is located)?
A: No.

5. What happens if Microsoft identity platform is down?
A: If the Microsoft identity platform is unavailable, users will be redirect to the Proofpoint Essentials account login page and asked to login using their Proofpoint Essentials credentials.

6. What happens if there is a problem with Microsoft identity platform and I have enabled Allow users to authenticate with Microsoft?
A: If there is a problem with Microsoft IDP, a custom parameter can be passed to utilize standard essentials authorization.

US Interface

Email Address = john.jones@test.com
https://us1.proofpointessentials.com...?main=1&email=EMAIL_ADDRESS
Example: https://us1.proofpointessentials.com/app/login.php?main=1&email=John.Jones@test.com

EU Interface

Email Address = john.jones@test.com

https://eu1.proofpointessentials.com...?main=1&email=EMAIL_ADDRESS

Example: https://eu1.proofpointessentials.com/app/login.php?main=1&email=John.Jones@test.com

7. I presume all login URLs, including whitelabelled URLs, are not changed?
A: Correct

8. In your new login experience 'branded' screenshot, you appear to include a company name and not just the logo. Where exactly is it pulled from?