What do I need to know about Workforce Planning's authentication update?
Background
Basic Authentication is being deprecated for users of Procore's Workforce Planning API. We are making this change to help protect your data from the increasing risks associated with Basic Authentication, including:
- Managing user credentials without OAuth incurs liability and privacy law compliance risk.
- Integrations using legacy OAuth may break when users change their passwords.
- Legacy authentication is not compatible with Single Sign On (SSO).
Going forward, customers can use OAuth 2.0 for a more secure and user-friendly experience.
Frequently Asked Questions
What is the timeline for the deprecation?
Basic Authentication will be officially retired on March 1, 2025. To ensure a smooth transition, we have a 12-month sunset plan for Basic Authentication.
Months 1-3: Educational Phase
Procore will provide resources and guides to help customers understand OAuth 2.0 and its benefits, and encourage customers to start migrating their applications and services to OAuth 2.0.
Months 4-6: Parallel Support
Basic Authentication will continue to be supported during these months to allow users to test OAuth 2.0 without disruption. Users should start implementing OAuth 2.0 in parallel with Basic Authentication.
Months 7-9: Transition Phase
During this phase, Basic Authentication will be marked as deprecated, with clear notifications and reminders. Customers should complete the migration of their applications to OAuth 2.0 and start using it exclusively. After September 1, 2024 you can continue using Basic Authentication for existing apps. However, any new apps will require OAuth 2.0.
Months 10-12: Sunset
Beginning in early November, we will send messages to affected customers about 30 days before we make the configuration change to permanently disable Basic Authentication use. After Basic Authentication is permanently disabled, any customers or apps connecting using Basic Authentication will receive a bad username/password/HTTP 401 error. To fix this, you must update your application to use OAuth.
Basic Authentication will be officially retired on March 1, 2025. Customers must ensure all their applications and services are fully migrated to OAuth 2.0.
I still need to use Basic auth; how can I get it after March 1, 2025?
Basic Authentication will be permanently disabled; there is no option to re-enable Basic Authentication after March 1, 2025.
What Happens after March 1, 2025 if I do not update from Basic authentication?
Users or applications connecting to Workforce Planning using Basic Authentication will be unable to connect. If you have other integrations that depend on Workforce Planning and Basic Authentication, those will also be unable to connect.
How do I know if My Company needs to update Authentication?
You can check to see if your app is already using OAuth 2.0 by following the steps below:
- Navigate to the company's Workforce Planning tool on app.procore.com.
- Click the Configure Settings
icon. - Click OAuth Apps.
On this page you will see a list of OAuth apps currently available. If an app that you use is NOT on this list, it needs to be updated to OAuth 2.0. If you are unsure, please reach out to your Customer Success Manager.
What should I do to prepare for the deprecation?
First, verify if you have apps that use Basic Authentication with Workforce Planning. See previous question. If so, plan to update or create a new version of the app using the 12-month sunset plan as a guide.
Will there be any changes in API endpoints or URLs?
No, there are no changes to API endpoints or URLs.
What support will be available during the transition?
This FAQ and our API documentation have the information needed for you to move from Basic Authentication to OAuth 2.0.
Are there any specific requirements or changes in authentication headers or parameters?
Yes, please refer to our API documentation.
Will there be any downtime during the transition?
No, there is no planned downtime. Careful review of the sunset plan above and planning will ensure a smooth transition.
How can customers ask further questions or seek assistance?
Customer Success will not be able to assist with questions about your application or technical details about the API. Please refer to the API documentation.
Is there a testing or sandbox environment available to test the new authentication method?
Yes. If you have an available testing or sandbox environment, you can test OAuth in each environment respectively.