InVision has now made additional secure hash algorithms (SHA-256, SHA-384, and SHA-512) available to all customers using SAML. Given that SHA-1 collision is no longer theoretical, we are encouraging all customers to move to SHA-256 or higher as soon as possible.
Effective May 31, 2017, support for SHA-1 hash algorithms will officially end. To continue using single-sign on with InVision, you will need to update the hash algorithm with your SSO provider and InVision.
Visit your Advanced tab for the InVision application in ADFS, then select SHA-256 from the Secure hash algorithm menu. Click OK.
The setting will have to be updated in the InVision Admin for the enterprise customer at the same time to match. Please contact [email protected] when ready to update your account, and our Support team will coordinate a time to update your SAML settings.
We will update you to SHA-256 on our end, but you may also need to update your SAML Signature Algorithm as well. This does not need to be done simultaneously with changes on the InVision side.
To update your SAML Signature Algorithm
- Go to OneLogin.
- Click InVision App.
- Click SSO.
- Select SHA-256.
No customer changes required. All accounts will be updated to SHA-256.