We are working to make Workvivo ever more secure and plan to make changes at the end of January 2021.
Changes may be required on your organisation's end to ensure that users can still access the Workvivo platform on web and mobile from 1 February 2021. We would please ask that you read and acknowledge the below.
Should you have any questions or concerns, please contact email@example.com and we'll put you in touch with our Security Lead.
Security at Workvivo is always a top priority, and, to that end, we are working towards amending the versions of TLS supported. Our plan is to deprecate support for TLS 1.0 and 1.1 end of January 2021.
We plan to support only TLS 1.2 from the 1 February 2021, with the changes to take place over the weekend of the 30th and 31st of January 2021.
To help you test and ensure your browsers’ configuration and other devices (e.g. devices / nodes utilizing B2B services such as SCIM and other APIs) continue to work after this change, you can navigate to a URL that we have configured to only support TLS 1.2 with the Cipher Suites listed below.
If your devices / browsers can successfully communicate with this URL everything should work as expected. If not, changes will be required on your end to ensure TLS 1.2 compatibility.
To obtain a more detailed list of Operating Systems and Browsers that can successfully handshake with TLS 1.2 you can run a scan via Qualys’ SSL Lab for the above URL at https://www.ssllabs.com/ssltest
For customers utilising Microsoft's IE 11 we are minded to highlight Microsoft’s Modernising TLS blog post, in particular the approach to configuring TLS 1.2 for IE 11 via Group Policy. See https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
 Cipher Suites Supported & Priorities:
ECDHE-RSA-AES128-GCM-SHA256, Priority: 1
ECDHE-RSA-AES128-SHA256, Priority: 2
ECDHE-RSA-AES256-GCM-SHA384, Priority: 3
ECDHE-RSA-AES256-SHA384, Priority: 4
This change is due to take effect from 1 February 2021.