Summary

In order to provide a more streamlined login experience for our users, SafeStack will update its authentication domain name from learn-safestack-io.au.auth0.com to auth.learn.safestack.io on February 10, 2024 (Saturday) as part of scheduled maintenance of its authentication systems.

If you use Single Sign On to log into SafeStack, you may need to make minor changes in the SafeStack client configuration set up with your identity provider. These changes are outlined below.

How does this affect you?

Your login experience will be similar to what it is now, this is simply an update of the domain name that we use for our authentication system. Your existing credentials to log into SafeStack will continue to work as they do now and there will be no change to your training data in SafeStack.

If Single Sign On has not been configured for your organization

After you enter your email address on the login page, instead of being redirected to https://learn-safestack-io.au.auth0.com/ you will be redirected to https://auth.learn.safestack.io/.

If you use a password manager to save your credentials, you may need to find your existing credentials to log into SafeStack by searching for safestack in your password manager. Upon successful login, your password manager may prompt you to add or update your SafeStack credentials (since the authentication website URL will be different).

Our forgot password functionality will continue to work, in case you need to reset your password.

If Single Sign On has been configured for your organization

You may need to update the Redirect URI’s configured for use with the SafeStack client in your identity provider (IdP). Before February 9 2024, both the following redirect URI’s must exist in your configuration:

1. https://learn-safestack-io.au.auth0.com/login/callback

2. https://auth.learn.safestack.io/login/callback

You can make these changes right away without affecting your organization’s access to SafeStack.

Azure AD / Entra ID

If you use Azure AD / Entra ID as your IdP, the redirect URI’s can be configured as per Step 1.8 here

Google Workspace

If you use Google Workspace as your IdP, the redirect URI’s can be configured as per Step 1.6 here

Okta

If you use Okta as your IdP, the redirect URI’s can be configured as per Step 4 here

Once this configuration is in place, you will be able to log into SafeStack as usual from our login page.

Help and Support

Our support team is available via email at [email protected] for assistance with this change, to answer any questions or if you face any issues.

If you require your learners to re-do their SafeStack training again, such as for a start-of-year rollover, Group Leaders can now reset their progress data so that all learning paths, courses, quizzes, labs, and reporting show as incomplete.

Resetting progress can be done across your entire organization from the Organization page, or for the learners and courses within a specific Learning Path from the Learning Paths page.

Some key points to note:

• Learners will retain any badges and achievements they’ve previously earned.

• Historical data will not be available from the Reports section. We recommend downloading and archiving any reports per your organization's compliance and data retention policies before resetting progress data.

SafeStack provides courses that help you achieve your compliance training objectives for frameworks like ISO27001, PCI DSS and SOC2.

Now, you can easily create a Learning Path for all supported compliance frameworks - just click the “Create Learning Path” button on a compliance framework! This will automatically create a new learning path with all the relevant courses, then redirect you to the new learning path, so that you can set a due date, description and enrol your learners into the new learning path.

Using learning paths as a way to achieve compliance training needs has tremendous benefits like:

• learners automatically receive an email about their enrolment into the new learning path

• learners also receive an email reminder to complete the learning path, in case they haven’t completed it, around 5 days before the due date

• group leaders can easily track compliance training progress for every compliance framework, right from the dashboard or via the “Group Progress by Learning Path” report

As learners watch a lesson, SafeStack will track their progress in the background and will mark a lesson as being completed. Occasionally, learners may find that their lesson wasn’t marked as completed depending on external factors such as their network connection. This would mean the learner would have to re-do the lesson or contact our support team for assistance.

We’ve introduced the ability for learners to mark a lesson in the Secure Development program as complete, which group leaders can opt-into from the Organization section under the Settings menu.

Turning this option on will show a Mark as Complete button alongside the player controls when a learner is watching a lesson. Learners are asked to confirm their decision, warning them that their lesson progress will reflect that it was manually completed.

We’ve implemented some extra functionality to enable group leaders to manage their teams better, with the ability to delete users. Simply search for the user you wish to delete in the Manage Users section, then click the Delete button straight from the drop down menu. Alternatively, you can also use the Delete User section while editing a user’s account, at the bottom of the page.

A safety net is also in place to ensure you don’t accidentally delete the wrong user without double-checking. As noted in the confirmation dialog, you can manually download a copy of a user’s progress report before deletion, as all of their data will be lost once deleted.

At SafeStack, we love making it easier for organizations to meet their compliance training requirements. Our training is designed to support compliance requirements for frameworks like ISO27001, PCI DSS and SOC2. In order to highlight what parts of our training apply to which compliance frameworks, a few weeks ago, we released a handy compliance page.

Compliance training is spread across both our Secure Development program as well as the Security Awareness program. Some of our more recent customers were not able to view or buy the Security Awareness program, while we worked on making some strategic changes to the program.

We are now happy to announce that:

1. all Secure Development customers, who didn’t have access to the Security Awareness program, now have access to a limited set of free courses from this program

2. all Secure Development customers can now buy the Security Awareness program as an add-on

3. your learners will not see any Security Awareness content, until one of your Group Leaders assigns them to the program

4. we have redesigned our subscription page to better highlight what plan you are on and what add-ons are available for your organization in SafeStack

5. the subscription page itself has been moved from “Settings → Subscription” to “Subscription” in the sidebar

   

—

Head over to our course catalog and check out the Security Awareness courses available, for free, for your organization!

Or check out the new subscription page, from where you can buy or manage your subscription for any of our programs or add-ons.

PS: You can read more about how we can help you meet your compliance needs here.

Instead of navigating to “Settings → Manage Users”, group leaders can now access the “Manage Users” functionality directly in the sidebar.

We’ve made this minor change to provide better visibility for an important feature used by group leaders.

👇

When setting up your Learning Path, you’ve previously been able to add a due date that your learners should have completed their courses. This due date in some instances would show as being a day forward or behind depending on if learners were in a different timezone.

We’ve now added the ability to set the due time that courses should be completed by, and improved how the due date is shown to group leaders and their learners based on their current timezone.

We're thrilled to introduce a brand-new Organization Settings page, designed to streamline your organizational management tasks and configure SafeStack to meet your team’s needs. Access to this page is reserved exclusively for group leaders of customers on our paid Team plan.

Within this page you’ll find a handy new option to ensure that users from your organization, signing up to SafeStack on their own, get added to your existing SafeStack organization, instead of being added to a completely new SafeStack organization.

Note that such users will be invited as Learners into your SafeStack organization and will not occupy any seats, until a Group Leader assigns them to one of our training programs.