Authentication Troubleshooting and FAQs

Portal access overview

Use the table below to find the correct URL for each portal:

Troubleshooting

Login redirects in a loop

Symptoms: After entering your credentials, the browser redirects back to the login page repeatedly without completing sign-in. You may see the login form flash briefly before redirecting.

Common causes and fixes:

A) SAML/SSO account using email and password

If your organization has SAML/SSO enabled, you cannot sign in with email and password. Attempting to do so causes the sign-in flow to fail silently or redirect in a loop.

• Confirm with your account administrator whether SAML/SSO is enabled for your account.
• If SAML/SSO is enabled, sign in through your identity provider (for example, Okta) instead of the RiskOS™ login page.

B) Browser cookies or cached session data

Stale session cookies can interfere with the authentication flow and cause redirect loops.

• Clear your browser cookies and cache for socure.com and riskos.socure.com.
• Try signing in using a private or incognito browser window.
• If you use multiple Socure portals (Admin Dashboard, RiskOS™ Sandbox, RiskOS™ Production), clear cookies for all three domains.

C) Multiple active sessions

Having active sessions across multiple Socure portals in the same browser can cause conflicts.

• Sign out of all Socure portals — Admin Dashboard, RiskOS™ Sandbox, and RiskOS™ Production.
• Close all browser tabs with Socure URLs.
• Open a new browser window and sign in to one portal at a time.

"Invalid Signin flow" error

Symptoms: After entering your email and password, you see the message "Invalid Signin flow."

Cause: Your account is configured for SAML/SSO authentication. Email and password sign-in is not available for SAML-enabled accounts.

Fix: Sign in through your organization's identity provider (for example, Okta, Azure AD, or OneLogin). If you do not know your identity provider URL, contact your account administrator.

Account switching error

Symptoms: You are signed in to one Socure account but see an error when switching to another account.

Cause: The two accounts use different authentication modes. For example, one account uses SAML/SSO and the other uses email and password. The system only allows access to accounts that match the authentication mode used during sign-in.

Fix:

1. Sign out of the current session.
2. Sign in again using the authentication method required by the account you want to access.
3. If you need to work across accounts with different authentication modes, use separate browser profiles or a private window for each account.

Magic link does not arrive

Symptoms: You requested a magic link to sign in but did not receive the email.

Common causes and fixes:

• Check your spam or junk folder for the email.
• Verify you entered the correct email address associated with your RiskOS™ account.
• Corporate email filters may block automated emails from Socure. Contact your IT team to allowlist emails from Socure.
• Magic links expire after 10 minutes. If the link has expired, request a new one from the login page.

📘

Note:

The magic link must be opened on the same device and browser that was used to request it. Opening the link on a different device or browser causes it to fail.

Session expires unexpectedly

Symptoms: You are signed in to RiskOS™ but get redirected to the login page after a period of inactivity, or your session ends mid-task.

Common causes and fixes:

• RiskOS™ sessions have an inactivity timeout. If you are inactive for an extended period, your session expires and you need to sign in again.
• Signing out of any Socure portal (Admin Dashboard, RiskOS™ Sandbox, or RiskOS™ Production) terminates all active sessions across all portals.
• If your session expires frequently during active use, check whether a browser extension, VPN, or proxy is interfering with session cookies.

Cannot access RiskOS™ after account provisioning

Symptoms: Your account was recently provisioned but you cannot sign in to RiskOS™ Sandbox or Production.

Fix:

1. Confirm with your account administrator that your user profile has been created in RiskOS™.
2. Check that you are using the correct portal URL:
   • Sandbox: https://riskos.sandbox.socure.com
   • Production: https://riskos.socure.com
3. If your organization uses SAML/SSO, verify that the RiskOS™ application has been assigned to your user in the identity provider.
4. If you still cannot access the portal, contact Socure support with your email address and organization name.

FAQs

If I am an ID+ customer and I have not migrated to RiskOS™, which portal do I use?

ID+ customers who have not migrated to RiskOS™ should use Admin Dashboard (https://dashboard.socure.com).

If I am a RiskOS™ customer and I have never previously integrated with ID+, which portal do I use?

RiskOS™ customers who have never previously integrated with ID+ should use RiskOS™ Sandbox (https://riskos.sandbox.socure.com) for sandbox access and RiskOS™ Production (https://riskos.socure.com) for production access.

If I am an ID+ customer who has migrated or is in the process of migrating to RiskOS™, which portal do I use?

ID+ customers who have started to use RiskOS™ should use Admin Dashboard (https://dashboard.socure.com) to access ID+ transactions.

They should also use RiskOS™ Sandbox (https://riskos.sandbox.socure.com) for sandbox access and RiskOS™ Production (https://riskos.socure.com) for production access.

If I am an ID+ customer who has migrated or is in the process of migrating to RiskOS™, do I need different sign-in credentials to access Admin Dashboard and RiskOS™?

No. If your ID+ and RiskOS™ accounts are not enabled for SAML/SSO, you would use the same email/password to access Admin Dashboard, RiskOS™ Sandbox, and RiskOS™ Production.

If I am an ID+ customer with SAML/SSO enabled, how do I access Admin Dashboard and RiskOS™?

If your ID+ and RiskOS™ accounts are enabled for SAML/SSO, you would access Admin Dashboard, RiskOS™ Sandbox, and RiskOS™ Production from your respective identity provider page (e.g., Okta).

Note: Email/Password-based sign-in is not applicable for SAML/SSO-enabled accounts. Sign-in attempts with email/password for SAML/SSO customers will fail with an "Invalid Signin flow." message.

If I am an ID+ customer who has started to use RiskOS™, how do I access my ID+ transactions?

You can access your ID+ transactions from Admin Dashboard (https://dashboard.socure.com) with a unified (common) set of sign-in credentials.

You will not be able to view ID+ transactions within RiskOS™, but you can open another browser tab to access the Admin Dashboard while working in RiskOS™.

If I am an ID+ customer who has started to use RiskOS™, will I be able to view my ID+ transactions in RiskOS™?

At this time, you will not be able to view ID+ transactions within RiskOS™.

You can access ID+ transactions by visiting Admin Dashboard (https://dashboard.socure.com) in another browser tab.

We are working on improving the user experience by adding the ability to search for and view your ID+ transactions in RiskOS™, expected by the end of 2025.

If I am an ID+ customer who has started to use RiskOS™, what happens if I log out?

You will be logged out of all active sessions across Admin Dashboard, RiskOS™ Sandbox, and RiskOS™ Production.

Why do I see an error message when switching between accounts?

Users are not allowed to switch between accounts that are enabled with different authentication modes. The system only allows access to accounts that match the way the user initially signed in.

Examples:

• If Parent Account 1 is enabled for SAML and Sub Account 1 is not enabled for SAML:
  • A user signing in through SSO/SAML can access Parent Account 1 but will see an error when switching to Sub Account 1.
  • A user signing in with email/password can access Sub Account 1 but will see an error when switching to Parent Account 1.

This behavior is expected due to mismatched authentication modes across accounts.