We’re making a significant upgrade to our user authentication service, moving from our current central authentication service to a new, more robust Okta-based authentication service. This change is designed to enhance your experience with improved consistency, security, and scalability across all Bugcrowd services.
The move to Okta will bring several key benefits:
- Faster Features Delivery: Our new system will allow us to deliver new authentication features at a quicker pace.
- Enhanced Security: We’re always striving to keep your accounts safe, and this upgrade brings even stronger security measures.
- Scalability: As Bugcrowd grows and adds more services and platforms, this new system will scale effortlessly.
Upgrade Timeline
We’ll be rolling out this upgrade in phases starting early November 2025. We’re working to make this transition as smooth as possible for everyone.
What to Expect During the Upgrade
For most individual users and administrators, the upgrade process will be largely transparent. There are no configuration changes required for authentication services, and you won’t need to update SAML settings. Users will be seamlessly migrated to the new Okta-based authentication services.
For Users with Username and Password
- A week before the upgrade until upgrade day: You’ll see a banner when you log in before the upgrade day
-
Your Options: You can “Dismiss” the banner and continue with your work, or click “Migrate now.” Choosing “Migrate now” will log you out of the current service and direct you to the new authentication service login page. Once you log in there, you’re migrated!
-
On upgrade day (if not already upgraded) and onwards until user login: A migration banner will appear, prompting you to log out and direct you to the new authentication service.
For Single Sign-On (SSO) Users
- A week before the upgrade until upgrade day: You’ll see a banner when you log in.
-
Your Options: You can “Dismiss” the banner and continue working.
-
Upgrade day and onwards until user login: A migration banner will appear, prompting you to log out and direct you to the new authentication service.
Key Changes to Your User Experience Post-Upgrade
While the migration itself is designed to be seamless, there are a few important changes to be aware of once you’re on the new authentication service:
- MFA Enforced for Username and Password: If you use a username and password, you’ll now be required to set up a second factor authentication (MFA) when you first log in to the new service. You can use Google Authenticator or Okta-verify apps. If you already have MFA enabled, it will be transferred to the new service.
- User Login URL Has Changed: The new customer user login URL will be login.bugcrowd.com, please update your bookmarks. During and after migration, the old URL for authentication identity.bugcrowd.com will redirect the customer users to the new login URL.
- Email User ID Update: You will no longer be able to update your own login email ID. If you need to make this change, please create a Support ticket.
- Changes to Custom Timeout Sessions: Your current custom timeout sessions will be transferred. However, setting new custom timeout sessions will now require a Support ticket.
- Revoke All Active User Sessions: The new authentication service will show you all your active sessions, but it only supports revoking all active sessions, not individual ones.
- User Account Lockout: If your account gets locked, you’ll receive an email with an “Unlock account” link. You can also click the “Unlock” link directly on the login page. If you don’t take any action, your account will also automatically unlock after one hour.
We’ve taken great care to make this upgrade process simple and minimize any actions required from your end. If you have any questions, please don’t hesitate to reach out to the Bugcrowd Support team.
