Skip to content
English
  • There are no suggestions because the search field is empty.

2025 Security Upgrade

In September 2025 ProjectManager will upgrade its security infrastructure. Primarily this will impact customers using SAML and MFA. This document explains what is changing and the actions you need to take to maintain a seamless login experience.

Instructions for SAML users  |  Instructions for MFA users


SAML Upgrade Process

In September 2025 ProjectManager will upgrade its SAML processing infrastructure. As part of this upgrade, customers using SAML will need to update their SAML configuration on ProjectManager and in their SAML provider authentication system.

What is changing in SAML for ProjectManager

In September 2025, ProjectManager will change the URLs for its login/logout processes. Because of the way SAML works, this means that you will need to update your SAML settings.

How can I update and test the new SAML settings?

Between June 2025 and September 2025, follow these steps to update your SAML settings:

  • Log in to ProjectManager as a global admin level user. Do not log out of your global admin level user session while testing SAML.
  • Open the security page. If you need to update your SAML settings, you will see this message:
    Screenshot 2025-05-26 at 1.12.09 PM
  • Check your SAML provider to ensure that the Name ID format is set to "emailAddress".  This security upgrade requires that you use emailAddress as the name ID format.
  • While this global admin user’s session is active, update your SAML settings and open a new window in incognito mode or private browsing mode to test your SAML setup.  
  • When your SAML settings are completely updated, it will look like this:
    SAML upgrade
  • Once you have verified that a new login on an incognito window can login correctly via SAML, your process is complete.

 

What happens if I do not update my SAML settings?

Between now and September 1st 2025, both existing and updated SAML logins will continue to work normally.

After the September 1st 2025 cutoff date, all customers who have not updated their SAML settings will be updated to use username+password or social OAUTH login methods.  You can always restore SAML settings after this date if desired.

I'm using Duo Security, how can I set the Name ID format correctly?

  • In the field "Name ID Format", choose urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress


Multifactor Authentication (MFA) Upgrade Process

Beginning on June 4th 2025 ProjectManager will phase out its existing multifactor authentication (MFA) processing infrastructure for customers who use username-and-password login. As part of this upgrade, MFA users will need to update their multifactor tokens when they next log on.

What is changing with multifactor authentication (MFA) at ProjectManager?

ProjectManager will begin using a new delivery method for multifactor authentication one-time-password tokens. Because of this change, your existing one-time-token will stop working. To update your MFA configuration so that you can continue using multifactor authentication, follow the steps below.

How do I upgrade my MFA token?

After June 4th, when you log on to ProjectManager you will see this message:

mfa-1

Check your email and click on the link we sent you, this will take you to the “Verify Your Identity” page. To use this page, first remove your existing ProjectManager MFA token from your authenticator application. If you do not remove your existing MFA token, most authenticator apps will show you an error message.

Once you have removed your existing MFA token, use your mobile phone’s camera or your authenticator app to scan your unique QR code. This will add the new authenticator token to your app. Copy the one-time code from your authenticator app to the box provided to confirm that everything's up and running.

mfa-3b

If you have difficulty scanning the code you can click the Trouble Scanning button for more options. Finally you will be shown a recovery code, save this code in a safe place. You may now resume using ProjectManager, you will be prompted for an MFA code when logging in.

Can I switch to SAML?

If you use SAML, your multifactor authentication will be managed by your organization. The difference between ProjectManager’s MFA and your organization’s MFA works as follows:

  • When using username+password, you can optionally use multifactor authentication provided by ProjectManager.com.
  • When using SAML logins, enterprise customers can configure their own login system. Many enterprise customers have their own multifactor authentication system that is not managed by ProjectManager.com.

If you choose to switch from username-and-password to SAML, your multifactor authentication will be managed by your organization.

What happens if I do not update my MFA settings?

To maintain account security, ProjectManager will continue to prompt you to update your Multi-Factor Authentication (MFA) settings until the update is completed. If you need assistance, our customer support team is available to help guide you through the process.

You can always re-enable multifactor authentication at any point.


Who can I contact with questions about this process?

You can reach out to us with any questions about the SAML or MFA upgrade process.