This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Please add procedures to handle difficulties using this portal

Please refer to case [#7482200].

On 8th August, I followed a link in a marketing email to Sophos Partners and reached a SophosID login page. The ID and password I had on record did not work, so I followed the reset password procedure, and the new password also did not work. Therefore, I emailed supporasia@sophos.com for assistance. I received an automated reply, instructing me to:

"Please help us expedite a response by visiting our SophServ portal at: https://sophserv.sophos.com and updating the case details as required."

As the problem I had was logging in, I was unable to visit the portal. In any case, I had given full details in the original email, so there was nothing to update. I then waited for a response.

15 days later, I received an automated email:

"We currently have an open support case for you case 7482200 and I've noticed that we have not yet heard back from you since 09-Aug-2017."

that said the case would be closed. Only after replying to this did a person respond and the problem could be discussed.

Please note that I later found that your portal requires Javascript from a number of salesforce domains to work. As our security policy is to avoid running unidentified software from unknown sources, please can you specify the full list of domains that your portal relies upon?
Also, you should improve your scripts to identify cases where the client is not running the Javascript, and report informative error messages. "We found some errors. Please review the form and make corrections." misleads the user into thinking that the problem is with the data entered into the form, i.e. their SophosID and password, instead of the actual problem, permissions to run Javascript from untrusted sources.

In summary, please address these issues in your response:
i) How you will improve your support to users reporting problems with accessing your web portal?
ii) Provide a complete list of domains that you will be running Javascript from.
iii) How you will improve your portal to correctly identify and report issues with running scripts?

Regards
Allan Dyer

 



This thread was automatically locked due to age.
Parents
  • Hi Allan,

    Thank you for posting your feedback and case reference. I've read through the case and can see that the problem could have been resolved if the error message you received when logging in to Sophos ID was more descriptive.

    I see from the screenshot you originally included on the support case that you have the NoScript addon in Firefox. I can recreated the issue you are seeing...

    If I use NoScript in Firefox I have to:

    1. Allow sophos.com (prompted at the bottom of the browser)

    2. Allow oktacdn.com (prompted at the bottom of the browser)


    3. Allow okta.com (not prompted and NoScript menu has to be checked)

     

    Can I confirm this is the primary issue: You also reached point two above and while there were NoScript prompts for points one and two, it was not obvious to look under the main NoScript menu (shown in point three above) and check if anything further was blocked?

    Once confirmed (I want to make sure I understand the issue completely), I can raise with our web team that the warning message shown...

    ....could be improved to help provide guidance on what to check next.

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi Ruckus

    Thanks for your detailed reply. You've identified one of my points, but not the second one:

    When I emailed supportasia@sophos.com to report my problem logging in to the portal, the automatic reply instructed me to "update" the case on the portal THAT I COULD NOT LOG INTO, and no-one looked at the case for 15 days because I didn't update it. How do you expect people to report issues with logging in?

    Back to the problem you identified, your description is essentially correct, but there are some minor differences. I just recreated the issue (in a private window because I was trying to write this description at the same time)...

    i) My NoScript options are not to prompt me at the bottom of the screen, I find the pop-up and disappear behaviour distracting so I rely on the red circle with diagonal bar on the NoScript "S" icon to alert me that a script hasn't run.

    ii) okta.com did not appear on the list of blocked domains until I clicked on the Sign in button

    iii) Even when the okta.com domain was on the list of blocked domains, the "S" icon remained without the red circle and bar:

    iv) In my email of Thursday, August 24, 2017 12:47 PM, I wrote that various salesforce domains were required for your site to work. This appears to be incorrect, I guess that I had salesforce on the list of recently blocked sites from some other tab, and I mis-identified the connection. Sorry if this caused any confusion.

    Yes, I found the "We found some errors" message completely unhelpful.

    Regards

    Allan

Reply
  • Hi Ruckus

    Thanks for your detailed reply. You've identified one of my points, but not the second one:

    When I emailed supportasia@sophos.com to report my problem logging in to the portal, the automatic reply instructed me to "update" the case on the portal THAT I COULD NOT LOG INTO, and no-one looked at the case for 15 days because I didn't update it. How do you expect people to report issues with logging in?

    Back to the problem you identified, your description is essentially correct, but there are some minor differences. I just recreated the issue (in a private window because I was trying to write this description at the same time)...

    i) My NoScript options are not to prompt me at the bottom of the screen, I find the pop-up and disappear behaviour distracting so I rely on the red circle with diagonal bar on the NoScript "S" icon to alert me that a script hasn't run.

    ii) okta.com did not appear on the list of blocked domains until I clicked on the Sign in button

    iii) Even when the okta.com domain was on the list of blocked domains, the "S" icon remained without the red circle and bar:

    iv) In my email of Thursday, August 24, 2017 12:47 PM, I wrote that various salesforce domains were required for your site to work. This appears to be incorrect, I guess that I had salesforce on the list of recently blocked sites from some other tab, and I mis-identified the connection. Sorry if this caused any confusion.

    Yes, I found the "We found some errors" message completely unhelpful.

    Regards

    Allan

Children
  • Hi Allan,

    There are some failures on our part here. A lack of clear communication is the primary reason for your rightly felt frustration.

    The case does show activity between our Customer Care team and our internal Sales Operations team about the issue. However, this was not communicated to you. Furthermore the auto-response you received from our case system did not make it clear that (a) the ball is with us and we're working on it, and (b) checking the case details in SophServ is entirely optional (and if your case is in regard to a login problem to Sophos ID not even possible).

    My thoughts/actions:

    • You should have received a message from us making it clearer we are working on the issue. I apologize for this error.
    • I've already started the process to get the auto-response emails updated to explain and confirm in future that we are working on the issue and to ensure the mention of SophServ is presented as an optional step and only possible with a working login to Sophos ID.
    • I am shortly going to raise with our web team that the error message should not dead end your website journey. Perhaps (guessing as to the solution at this stage) we could link off to information explaining potential causes and steps you can take. We could certainly link to a new article in our knowledge base that mentions NoScript (as at least one thing) and provide additional checks.
    • On the issue of NoScript not alerting when something is still blocked, and while not wanting to end this post on a negative: I'm not sure this particular issue is the fault of our system. The NoScript icon should (I assume) still alert when content is blocked. I will Google the issue but, on this one, I cannot promise anything more. If I do find anything I will post back.

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Thanks, you actions cover all the issues.

    On NoScript not alerting, I agree that seems to be a NoScript bug, not yours. I'm guessing that the problem is something to do with the script being run from the new domain during a page update, not on a full page load. Perhaps your team could identify the difference in how the script is run for a bug report to NoScript?

  • Looks like bug reports are via NoScript's forums.  I've read their documentation about the icon's expected behavior and since there seems to be a refresh problem I've posted a thread over there.

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Thanks.

    I think that is all necessary actions at this stage.