Who can use this: Tech admin
Available on: Any Gong plan
Microsoft reported a potential risk associated with Microsoft Entra ID AD. This vulnerability could impact Gong customers who authenticate via Microsoft Entra ID/Office 365 (Microsoft is selected under Admin center > Settings > Authentication > Common identity providers).
The issue may occur if Office365/Entra ID, when used as an identity provider, has been registered with more than one email address for the user: The primary email address, or preferred user name, and a secondary email address.
If your company uses Microsoft AD to authenticate and you are having trouble logging in, reach out to your Gong Tech admin to follow the steps outlined below.
The issue
Microsoft verifies the preferred email address by proving ownership of its domain via DNS record modification. When the preferred user name matches any of the user's emails in Gong there will be no authentication issue.
The secondary email does not have to be verified and can be spoofed, which creates a risk. If the user’s secondary email is used as a user name in Gong and is on a different domain than the preferred one, we cannot use the secondary email to login.
The solution
To address this, make sure the user with the login issue is a valid Gong user. You can then do the following:
Click Admin center > Settings > Team members, select the user, and add their preferred user name email address to their Additional email addresses. This does not require customer support.
If necessary, contact support.