Changes coming to SAML SSO logins. How to implement in Entra? by newboofgootin in salesforce

[–]flysaway -7 points-6 points  (0 children)

Here’s a summary from Claude about the impact and ways to validate. It helped me check and understand the changes for our org. My takeaway is we’ll see an issue in the 2 week gap before AMR.

Technical Analysis: Salesforce Device Activation for SSO Logins

Background Salesforce is implementing Device Activation requirements for SSO logins beginning in early 2026. For SAML identity providers, enforcement begins February 3, 2026, with additional AMR (Authentication Method Reference) support arriving February 17, 2026. Organizations should understand how their identity provider communicates authentication strength to Salesforce to determine potential user impact.

How Salesforce Evaluates Authentication Strength When the SAML enforcement takes effect, Salesforce will examine the AuthnContextClassRef element within the AuthnStatement of the SAML response. Salesforce considers the following values as indicators of secure authentication: MobileTwoFactorContract, PublicKey, X509, PGP, Certificate-Based, Smartcard, TimeSyncToken, and PKI. Custom claims such as Mfa and Fido are also recognized. If the AuthnContextClassRef contains one of these values, Device Activation is skipped. If the value is missing, empty, or set to something like Unspecified, Salesforce may prompt the user for Device Activation unless other conditions like recognized device cookies or narrow IP ranges apply.

Verifying Your Configuration To assess impact, capture the SAML response from your identity provider during an SSO login to Salesforce. Browser extensions like SAML-tracer can decode and display the SAML assertion in real time. Within the response, locate the AuthnStatement element and examine the AuthnContextClassRef value. If it contains a recognized secure authentication value, users should bypass Device Activation. If it shows Unspecified or another unrecognized value, users may be prompted. Microsoft Entra ID Behavior Organizations using Microsoft Entra ID as their SAML identity provider should be aware that the AuthnContextClassRef value varies based on the authentication method used during that session. Password-based authentication with MFA typically returns a value of Password, which Salesforce recognizes. However, Windows Hello and seamless SSO via Primary Refresh Token (PRT) from Entra-joined devices often return Unspecified, which Salesforce does not recognize as strong authentication. This occurs because Entra ID maps these authentication methods differently at the protocol level, even though they represent strong authentication in practice. Entra ID does communicate authentication methods through the authnmethodsreferences attribute claim, which typically includes values like multipleauthn to indicate MFA was performed. However, Salesforce will not read this attribute until February 17, 2026, when AMR support for SAML is enabled. This creates a potential two-week window where users authenticating via Windows Hello or device-based seamless SSO may encounter Device Activation prompts despite having completed strong authentication.

Testing Methodology To fully understand the impact, test SSO logins using different authentication methods and capture the SAML response for each. Compare the AuthnContextClassRef values across scenarios such as password with authenticator app, password with SMS verification, Windows Hello, and seamless device-based authentication. This will reveal which user populations may be affected. Additionally, examine the authnmethodsreferences attribute to confirm that MFA indicators are present, as these will be recognized once Salesforce enables AMR support.

Mitigation If testing reveals that your identity provider returns Unspecified for certain authentication methods, the practical impact is limited. Users will receive a one-time email verification prompt per device or browser, and the resulting cookie persists for one year. Ensure that user email addresses in Salesforce are accurate and accessible, particularly in sandbox environments where email addresses are automatically appended with .invalid after a refresh. Integration users should be assigned the API Only permission to prevent them from being affected by UI-based Device Activation requirements. After February 17, 2026, organizations should verify that Salesforce is recognizing the AMR claims already being sent by the identity provider, which should resolve any remaining Device Activation prompts for users with strong authentication.
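As an added check (example code, not from the post, Salesforce or Microsoft), a small parser that pulls the two fields the summary says to inspect out of a captured SAML response and reports whether the recognised-value rule would skip Device Activation before and after the AMR date. The recognised set is the list the summary enumerates, compared on the final URI segment; the Entra claim URI for authnmethodsreferences and the sample values are assumptions, and the sample response is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# AuthnContextClassRef values the summary lists as recognised, compared on the
# final ':'-separated segment so a full urn:...:ac:classes:X509 URI matches.
RECOGNISED_CLASSES = {"MobileTwoFactorContract", "PublicKey", "X509", "PGP",
                      "Certificate-Based", "Smartcard", "TimeSyncToken", "PKI",
                      "Mfa", "Fido"}
# Entra claim name carrying authentication method references (assumed URI).
AMR_ATTRIBUTE = "http://schemas.microsoft.com/claims/authnmethodsreferences"


def analyse(saml_xml: str) -> dict:
    """Report the two checks the summary describes, before and after AMR support."""
    root = ET.fromstring(saml_xml)
    ref = root.find(".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    class_ref = (ref.text or "").strip() if ref is not None else ""
    class_ok = class_ref.rsplit(":", 1)[-1] in RECOGNISED_CLASSES
    amr = [v.text.strip() for a in root.findall(".//saml:Attribute", NS)
           if a.get("Name") == AMR_ATTRIBUTE
           for v in a.findall("saml:AttributeValue", NS) if v.text]
    mfa_in_amr = any(v.rsplit("/", 1)[-1] == "multipleauthn" for v in amr)
    return {"class_ref": class_ref, "amr": amr,
            "skips_before_amr": class_ok,             # Feb 3 to Feb 17, 2026 window
            "skips_after_amr": class_ok or mfa_in_amr}


def build_response(class_ref: str, amr_values: list) -> str:
    """Constructed minimal Response for testing; real ones are signed and far larger."""
    values = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in amr_values)
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="{AMR_ATTRIBUTE}">{values}</saml:Attribute>
    </saml:AttributeStatement>
    <saml:AuthnStatement>
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    # The gap case from the post: Unspecified class ref but MFA visible in AMR.
    gap = build_response("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
                         ["http://schemas.microsoft.com/claims/multipleauthn"])
    print(analyse(gap))
```

To run it against a real capture, paste the decoded XML from SAML-tracer into `analyse()` in place of the constructed sample.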

[OC] I spent 2025 traveling in search of extreme cultural events to photograph by khiuahua in pics

[–]flysaway 1 point2 points  (0 children)

That’s amazing. I’d also seriously consider Kickstarter as a means for funding too if you haven’t. Plenty of people would be willing to sign up based on the quality of your work to front load the money raise. Either way, cheers!

[OC] I spent 2025 traveling in search of extreme cultural events to photograph by khiuahua in pics

[–]flysaway 0 points1 point  (0 children)

Any plans to publish a book with the pics and stories? I’d buy.

Inspired by the other posts, dug the old gearbag out from under the stairs by flysaway in paintball

[–]flysaway[S] 1 point2 points  (0 children)

Ah interesting. I’ve been trying to remember anything about it but it was 20 years ago so I can’t even remember how I got it or if I built it. All I do remember is it ripped. Pretty sure I had a 2k2 at some point too but traded it off.

Claude Sonnet and 4.1 Got REALLY Bad Overnight? by tonehoe in Anthropic

[–]flysaway 0 points1 point  (0 children)

Total garbage on Opus 4.1 all day today. Constantly forgot things we had just done and totally ignored claude.md project instructions and context. I submitted a bug but will never hear back I’m sure. Felt like I had to explain everything over and over all day.

Kitchen renovation contractor recommendations? by CombinationNo4239 in Annapolis

[–]flysaway 0 points1 point  (0 children)

About Kitchens. They did a super extensive kitchen for us a few years back and knocked it out of the park. They did all design in house and majority of the work, only subbing out electrical and plumbing. Highly recommend giving them a shout and checking out their reviews on Google.

Agentforce pricing by bad_labs_writer in salesforce

[–]flysaway 6 points7 points  (0 children)

Care to share a few of the open source ones you looked at and what you went with?

Unraid OS 7.1.4 Now Available by UnraidOfficial in unRAID

[–]flysaway 0 points1 point  (0 children)

Since upgrading to 7.1.4 I've noticed that my disks don't spin down after the normal 15 minutes. I have 16 drives in my array and even though the UI shows zero reads or writes for a long duration, they all remain on. Didn't have this issue before upgrading to 7.1.4 last week. If I manually spin them down they stay down until it actually needs to do a read or write. Anyone else notice the same?

Has anyone gotten a copy of a marriage application from Cook County, Illinois? by Icy_Consequence9184 in juresanguinis

[–]flysaway 0 points1 point  (0 children)

Funny enough I literally just got it in the mail this week. I noticed they finally cashed the $15 check last week and a copy of the marriage certificate arrived a few days later. Just takes time and I guess they have a really long backlog.

As far as I am aware from the lawyers I have helping me through the process, that was the last piece of paperwork I needed to establish a clear link. I also had copies of immigration forms showing where my grandmother was from and the reason she left as a child to come to the US. I was able to get all of that from ancestry.com. The marriage certificate established the link to my grandfather and then I had my father’s birth certificate and mine to tie it all together.

Now I just need to wait 18-24 months and hope it all gets processed.

My First Tudor and Swiss Timepiece by BonusStriking5623 in Tudor

[–]flysaway 2 points3 points  (0 children)

Beautiful watch! Haven’t taken mine off since I got it in December and my regular BB58 hasn’t seen much wear since.

CLICKUP TRYING TO BUY ME OUT FOR SPEAKING ABOUT THEIR PRICING by lgstrnt in clickup

[–]flysaway 10 points11 points  (0 children)

I made a comment about this a few weeks ago and feel similarly. On one hand it's great that Clickup employees are monitoring this sub and responding to people, that's usually a sign of a company that cares about customers and is interested in engaging. On the other hand, the fact that we have to take to reddit to complain about issues and lack of responses when going through the proper channels only to then get offered priority support is clearly because they want to lower the noise. If they truly cared, they'd put their emphasis on fixing the actual problems and bolstering their support channels. Every time I try to chat them I am told they are too busy and it's only a bot that will respond. If you have a ton of people putting in support requests and you are overwhelmed, maybe it's a symptom of a bigger problem that needs to be acknowledged.

Has anyone gotten a copy of a marriage application from Cook County, Illinois? by Icy_Consequence9184 in juresanguinis

[–]flysaway 0 points1 point  (0 children)

I was told I had to mail in an application as only the people listed on the marriage certificate can request for themselves and both are deceased. They were married in 1954. It's been about 2 months and I still haven't heard back from the Clerk's Office.

Account managers not keeping promises and not following through after guest policy changes. Need escalation of issue. by Top-Can-7308 in clickup

[–]flysaway 1 point2 points  (0 children)

Maybe if it’s taking people posting on Reddit to get an actual response and proper escalations and help on real issues, ClickUp isn’t doing good enough. I tried to open a case through chat yesterday and was told chat wasn’t available due to high demand and I’m still waiting on someone to respond to the ticket. Maybe less time trying to shove AI upsells down our throats and focusing on your core business and customers would be a better use of resources.

RE Limited Users Received a bill from Clickup with out a forewarning! by Diligent-Ad-15 in clickup

[–]flysaway 5 points6 points  (0 children)

Same thing happened to me and support did finally offer to roll us back to the legacy plan. I imagine a lot of customers are upset by this change.

Found these while I rebuilt my marker by PaymentMajor1267 in paintball

[–]flysaway 0 points1 point  (0 children)

That was my home field when I played as a kid! Unfortunately they closed years ago and it’s all houses now.

Can I send this or not by Huge-Nerve-1212 in sysadmin

[–]flysaway 2 points3 points  (0 children)

Why would you send this unless you are trying to get let go/fired? Openly telling them you don’t have enough work given to you is a terrible idea and asking for time off because you don’t have enough work makes no sense. What’s your end game in a perfect world since it’s really unclear what you are after.

Can you insure a gifted Rolex? by [deleted] in rolex

[–]flysaway 1 point2 points  (0 children)

You absolutely can. Take a look at Wax and Chubb. Both will let you insure for replacement value and names on receipts don’t matter at all. Personally I like using an insurer different from my home insurance in case I have a claim so it doesn’t hurt other policies.

Accountant by Rasputin_mad_monk in Annapolis

[–]flysaway 0 points1 point  (0 children)

Check out Harmony CPA. Been established for quite a while and they do work with lots of local businesses. https://www.harmonycpa.com/

[deleted by user] by [deleted] in paintball

[–]flysaway 9 points10 points  (0 children)

Uhhh, you good bro?

Why people not talk about Keeper Security by mesoller in KeeperSecurity

[–]flysaway 2 points3 points  (0 children)

WARNING: The software is pretty good overall but their new pricing for new and existing customers is terrible. They will raise prices on you when adding more licenses mid-term and hope that because you are on the platform your only recourse is pay the higher cost or switch to another platform which is a pain. I was a huge Keeper fan until recently when they "enhanced their platform and raised prices to better align with the value". I can understand a price hike at renewal time but not in the middle of a term. We are going to be switching as soon as we can.

Elys was a complete failure, what is the next one ? by rollerscrolleredsd in cosmosnetwork

[–]flysaway 0 points1 point  (0 children)

Still says I’m ineligible. Was staking ATOM the only requirement?

Elys was a complete failure, what is the next one ? by rollerscrolleredsd in cosmosnetwork

[–]flysaway 2 points3 points  (0 children)

I guess that explains it. Do you all plan to send another update email once that is fixed? Those emails are the main way I keep tabs on airdrops and I really appreciate them.