Planned Backwards Compatibility Changes

Overview

Mambu Platform TLS 1.0 and 1.1 restriction

Description
Due to several weaknesses found in TLS 1.0 and 1.1, many websites and internet services are starting to require the use of TLS 1.2. Here at Mambu we take security very seriously and as such we will update the Mambu platform to make use only of TLS 1.2 going forward.

Mambu will first restrict TLS 1.0 and 1.1 on all Sandbox environments, then, after 6 weeks, the restriction will be enforced on all Production enviroments.

This requires your action, otherwise, you won't be able to connect to Mambu and you are at risk for integrations failures.

You can also see the detailed email sent on this topic here.

*An email with the exact date when TLS 1.0 and 1.1 will be restricted will be sent to Mambu Champions.

Android App TLS 1.0 and 1.1 restriction

Description
TLS 1.0 and 1.1 restriction for the platform is also applicable for Mambu's Android App.
The update will have no impact on Android devices running an OS version 5.0 and above. For devices running the OS version 4.4 may encounter issues, as not all devices with with version have a native support for TLS 1.2. Lower versions of Android OS are not supported by the Mambu Android application.
To combat possible issues with Android devices running on OS verison 4.4 we strongly recommend that you check with your update your Google Play Services to the latest version and check the compatibility with your device manufacturer.

Please see the original email campaign on this topic here.

Mambu-SSO Role Mapping on User Provisioning

Description

Starting with V9, you can assign a Role to a newly provisioned user directly from the SSO, as long as the setup and the Mambu-SSO Role Mapping is done correctly. We are still keeping the option to manage Role assignments from Mambu UI and API as well, for a while.

As our mission is to make it easier to manage users and their roles from one point only, we encourage you to manage Users and Roles from your IdP of choice and kindly request you to create the Mambu-SSO Role Mapping by June 2019.

Workaround necessary in specific use cases
Until June 2019, as we want to make sure you have proper access to Mambu even if setup for Federated Authentication was done before V9 and the mapping of Roles is not yet done, keeping backwards compatibility is posing a minor stepback for the following use case:

• You first assign a Role to a user from the IdP
• When you remove that role, the user is left without an assigned Role in the IdP, and therefore
• The user will still have the same Mambu Access as before.

As a workaround, please create a "No Access" Role - to use for cases in which you want to remove the access of a user from the Mambu Platform temporarily.

If we were not to allow access to the Mambu platform without receiving a RoleID in the response, users without a Role assigned in the IdP would have instantly lost access to the platform, when V9 was released.

Please go to the respective support page to read more on Mambu-SSO Role Mapping on User Provisioning.

Please see the original email campaign on this topic here.