We are making logging in to Happeo more secure (potential action required)

To further enhance Happeo’s security and simplify our codebase, we are changing the OAuth client ID used for the Google login. To ensure a smooth transition, some Happeo customers will need to take action.

You only need to take action if you match the following criteria:

• You have not configured and applied a custom login page (see below how to identify) 

AND 

• You have a strict admin policy enforced in your Google Workspace setup (see below how to identify)

Any customer who has configured and applied a custom login page will not be affected. Read more below to see if this applies to you, and please forward this to your Google Workspace Admin in case it does. Please take action before 12 February 2024.

Here's what you need to know in short: 

• If you have a custom login page configured and applied, no action is required (see how to identify here)
• If you don’t have a login page configured and applied (see how to identify here), you need to check if you have a strict admin policy setup in your Google Workspace (see instructions and video here)
  • If you don’t have a strict admin policy, no action is required
  • If you do have a strict admin policy, you need to configure our new OAuth client ID in your Google Workspace before 12 February 2024 (see instructions and video below)

We are implementing the change in order to improve the security posture of our login flow, as a part of our continuous security enhancement practice. After the update, we will no longer store security tokens in our database, which is a more secure practice. This method is already used by customers who have configured and applied a custom login page. Although the current set-up used by the rest of our customers hasn’t caused any security issues, moving to the new login flow is a natural step towards modern SaaS security. 

The update will also simplify our codebase. This will enable us to both build new features and fix bugs faster due to the reduced complexity.

You have configured a custom login page if:

• You access Happeo on your desktop through a URL that is not app.happeo.com 
  AND 
• you see your own branded login page

In this case you don’t need to take action and nothing will change, even in the background.

Note that you still need to take action if you access Happeo with your own custom domain but have not configured and applied your own login page.

You have not configured a custom login page if: 

• If you access Happeo on your desktop through app.happeo.com, 
  OR
• Access Happeo via a custom domain but don’t see your company branding on the login page

In this case, you need to:

1. Check if you have a strict admin policy in your Google Workspace (see below for instructions). You can ask your Google Workspace administrator (often in IT). If they don’t know, you can forward them the instructions below. 
2. If you do have a strict Admin policy in Google Workspace, you need to configure the new OAuth client ID used by Happeo. See instructions below. 
3. If you do not have a strict Admin policy in your Google Workspace, no action is required. Though logging in will be more secure for your environment, the change happens purely in the background and your users will not notice a difference.

How to check if you have a strict admin policy in your Google Workspace

Follow the steps below or watch the video walkthrough.

1. Go to your Google Workspace administration console (admin.google.com)
2. Go to the left-side menu: Security > Access and Data control > API Controls
3. Expand the Settings section that appears
4. Have a look at the Unconfigured third-party apps section and click on the “edit” icon on the right side of it
5. Is it set to Default? Then you don’t have a strict admin policy. No further action is required.
6. Is it set to anything else other than Default? Then you have a strict admin policy. Please follow the steps below.

If you have a strict admin policy in your Google Workspace:

Please follow the steps below, otherwise, your users may see an admin_policy_enforced error when trying to log into Happeo. You can also watch a video walkthrough here.

1. Go to your Google Workspace administration console (admin.google.com)
2. Go to the left-side menu: Security > Access and Data control > API Controls
3. Click on “Manage Third-Party App Access” in the App Access Control section
4. Go to Add App > OAuth App Name Or Client ID and enter the client ID 864973362227-bi2n964lskaoae1kmvfrvd7da99kdg8l.apps.googleusercontent.com and click Search
5. Select the Happeo app in the results and continue with the workflow
6. On the screen where it asks for the type of access to be configured, select “Trusted”
7. Continue the workflow to save the configuration

It may take a maximum of 24 hours for configuration to take effect.

If you have any questions or need support, please reach out to your Customer Success Manager. We are always happy to help.