Member FAQ: New sign-in process

This FAQ is written for ISF Members. It explains what is changing as we move sign-in for ISF Live and other ISF applications onto our new identity platform (Auth0 by Okta), what you will see the first time you log in, and what to do if something goes wrong.

Contents

1. About the change
2. Signing in for the first time
3. Single Sign-On (SSO) for federated organisations
4. Multi-factor authentication (MFA)
5. The ISF profile forms on first login
6. Common issues & what to do
7. Getting help

1. About the change

What is changing with how I log in?

The ISF is moving the sign-in experience for ISF Live and our member tools onto a dedicated identity platform, Auth0 by Okta. When you next visit isflive.org or another ISF application, you will be taken to a new ISF-branded login screen rather than the existing Salesforce login page. Your access, your data and your subscriptions stay exactly the same – only the sign-in step is moving.

Why is the ISF making this change?

The new platform gives Members a more modern login experience, stronger account security (including federated single sign-on), a single profile that follows you across ISF applications, and a foundation for new features such as one-touch email login. It also removes a number of long-standing limitations of the old Salesforce-only sign-in.

When does this take effect?

The ISF will be implementing these changes in a number of steps, Phase 1 goes live at the end of May 2026. A number of Member organisations are already using the new federated flow, with the rest of the Membership to be transitioned over the following weeks. You will receive a communication from the ISF before your organisation is moved across.

Do I need to do anything before go-live?

No. You do not need to create a new account, change your password in advance, or take any action on your existing profile. The first time you sign in after your organisation has been migrated you will be guided through any one-off steps (such as updating your ISF profile) automatically.

2. Signing in for the first time

What will I see on the new login screen?

You will be presented with the new ISF-branded login page. After entering your email address the system will use your email domain to route you to the correct sign-in method for your Membership:

• If your organisation has been subscribed to Federated Single Sign-On, you will be redirected to your own corporate identity service (for example Microsoft Entra or Google, etc) to sign in.
• If you sign in to ISF Live with a username and password today, you will be migrated to our new mechanism where you will sign in using a one-time code sent to your business email account.

Does the email address have to match exactly (capital letters, etc.)?

No – the system will automatically change all email addresses to lowercase before validation.

What happens if I enter an email the system does not recognise?

If you enter an email whose domain is not associated with an active ISF Member organisation, the login page will show a friendly message and offer a “Not an ISF Member? Register here” link that takes you to securityforum.org/join. If you believe your domain should be recognised – for example, your organisation is an ISF Member but you are using a sub-domain or a personal email – please contact us (see section 7).

3. Single Sign-On (SSO) for federated organisations

This section applies if your organisation has subscribed to Federated Access with the ISF. If you sign in with an ISF email and password today, skip ahead to section 4.

My organisation uses Federated Single Sign-On – what does this mean for me?

You will sign in to ISF applications using your normal corporate credentials, exactly as you do for your other work systems. After typing your email on the ISF login screen, you will be redirected to your organisation’s identity provider (for example, your Microsoft, Google or other corporate login). Once you have authenticated there, you will be returned to the ISF application without ever needing to enter an ISF-specific password.

Do I need to set a separate ISF password?

No. Federated users do not have an ISF password and never need to remember one. Your organisation manages your credentials, including any password resets, MFA, conditional access policies and offboarding when you leave.

Do I still need ISF MFA if my company already enforces MFA?

No. If you sign in via your organisation’s identity provider, the MFA challenge is handled entirely by your organisation’s policy. The ISF will not prompt you for an additional second factor on top of that.

I would like to subscribe to Federated SSO for my organisation – how do we get set up?

Federated SSO is an additional service to ISF Membership. Speak to your Regional Director, who can walk you through the commercial options and pricing. Once your organisation has subscribed, onboarding is a quick self-service process: your ISF Account Manager will send a URL that guides your technical identity administrator through the steps to complete the connection.

Which ISF applications work with Federated SSO?

Federated SSO replaces the existing login flow for all ISF applications.

4. Multi-factor authentication (MFA)

Will I be asked to set up MFA by the ISF?

No. The ISF will no longer manage or enforce MFA directly for Members signing in to ISF applications. We will use two approaches — for Federated SSO users, this will be delegated to your organisation as part of your login with them. For Members that currently use a password to login, we will replace that with a one-time code sent to your work email address to confirm your identity.

My organisation already enforces MFA – does anything change?

Nothing changes for you. If your organisation uses federated SSO and your identity provider enforces MFA as part of your corporate policy, you will continue to be challenged for MFA exactly as you are today – through your own organisation’s systems. The ISF does not add any additional authentication steps on top of what your organisation already requires.

I sign in with an ISF email (non-federated) – does MFA apply to me?

For non-federated users who currently sign in with an ISF-managed email and password, MFA will no longer be enforced by the ISF platform. We will rely on our Member organisation requiring secure access to their business email systems. Each time you log in a new one-time code will be sent to your business email to authenticate you.

What if my organisation requires MFA on ISF applications?

If your internal policy requires an MFA step that sits with the ISF rather than your own identity provider, please speak to your ISF Account Manager. We can talk through the options available — in most cases, moving your organisation onto Federated SSO is the cleanest way to apply your existing MFA policy to ISF applications.

Can I use a passkey / Touch ID / Windows Hello?

Not yet, but we are looking into this post-implementation.

5. The ISF profile forms on first login

Why am I being asked to fill in a form when I sign up?

To keep your ISF Member profile current, the new platform asks for a small amount of information the first time you log in – completing this information should take less than two minutes.

What information do you ask for?

The forms collect:

• Form 1 – Essential identity: first name, last name, organisation, job title, phone number, country (and state/province where relevant). Where the ISF already has this information, fields are pre-filled for you to confirm.
• Form 2 – Professional details: your role level, sector and industry, functional area, ISF chapter group.
• Form 3 – Consent: acceptance of the ISF Terms of Use and Privacy Notice.

What do you do with this information?

The data is used to personalise your ISF experience, ensure you are assigned to the correct ISF chapter, and tailor the research and events we surface to you. It is held under the terms of our ISF Privacy Notice and is not shared with third-parties for marketing.

Can I update these details later?

Yes. You can update your profile details at any time from your account page in ISF Live. The first-login forms are simply to make sure we have a complete profile on day one.

I am signing in via my company’s SSO – will I still see these forms?

Yes, but most fields will be pre-populated from the information your identity provider already shares with the ISF (such as your name and organisation). You will normally only need to confirm the details and add anything that is missing.

6. Common issues & what to do

What do I do if my email address has changed?

If your email address has changed – for example, after a change of name or a corporate domain update – please contact info@securityforum.org. We will update the email on your account so that you can continue to sign in. Please do not create a new account with the new email address, as this can result in a duplicate profile that loses your history.

I sign in via SSO and my business email has changed – is this different?

The same advice applies: contact info@securityforum.org. Because federated accounts are matched on email address, a corporate email change needs the ISF team to reconnect your old profile to your new address. Until that is done, the system may treat you as a new user.

I get an error after entering my email – what should I check first?

• Confirm the email is exactly the one your ISF account is registered against (typos and old addresses are by far the most common cause).
• If you have recently changed company, ask the ISF to update your email (see above).
• Try a private / incognito browser window – stale browser sessions can cause unexpected behaviour after the change.
• If your organisation uses SSO, check that you can sign in to other corporate apps. If you cannot, the issue is most likely with your own identity provider rather than the ISF.

I get directed to my company’s login but it does not let me in.

This usually means your IT team has not yet granted you access to the ISF in your corporate identity provider. Speak to your internal IT or SSO administrator and ask them to confirm that the ISF application has been assigned to you. If you continue to have problems, copy any error reference shown on the page and email it to info@securityforum.org.

The page says my domain is not recognised, by my organisation is an ISF Member.

This can happen when you log in from a sub-domain (for example uk.example.com) that has not yet been added to your organisation’s record, or if you are using a personal email. Please contact info@securityforum.org with the email you are trying to use; we can add the domain to your organisation if appropriate.

My verification code has not arrived.

Allow up to ten minutes and check your spam/junk folder. If it still does not appear, your organisation may be filtering ISF mail – ask your IT team to allow-list @securityforum.org. If the issue persists, contact info@securityforum.org.

Can I still access ISF Live and my tools while the migration is happening?

No. Access to all ISF platforms will be disrupted across the weekend. As we conduct the migration, we will take all systems offline to complete the integration work from 00:00 BST Saturday 23rd May – 00:00 BST Tuesday 26th May.

7. Getting help

Member support

Email: info@securityforum.org

Web: securityforum.org/contact

Please include your registered email address and, where possible, a screenshot of any error message and the time at which it occurred. This helps us trace the login attempt in our logs and resolve the issue more quickly.

What information will help us help you faster?

• The email address you are trying to sign in with.
• The application you were trying to reach (ISF Live, Assure, Benchmark, etc.).
• Any error message text or reference shown on the page.
• Approximate date, time and time zone of the failed attempt.
• Whether you sign in with one-time email code or via your company’s SSO.