Flexera One UI - All Regions - Access Disruption

Description: Flexera One – UI – All Regions – Access Disruption (HTTP 403 Errors)

Timeframe: March 18, 2026, 2:39 AM PDT – March 18, 2026, 4:35 AM PDT

Incident Summary

On March 18, 2026, at approximately 2:39 AM PDT, an issue was identified affecting access to the Flexera One UI across North America (NA), Europe (EU), and Asia-Pacific (APAC). During this period, customers attempting to start new sessions or log in to the UI may have encountered HTTP 403 errors when attempting to access the service.
Customers who already had an active session open may have continued to access the UI, while new login attempts could fail. As a result, some users may have been unable to access the UI during the incident window.
Technical teams began investigating immediately and confirmed that the issue was related to a recently introduced security control change that affected legitimate access requests more broadly than intended.
By March 18, 2026, at approximately 4:35 AM PDT, the change had been reverted and access to the Flexera One UI was restored across all affected regions. Following validation that login and access behavior had returned to expected operation, the incident was considered resolved.

Root Cause

The incident was caused by a recently introduced security control change that behaved more broadly than intended and unintentionally blocked valid customer access requests. This prevented some customers from successfully starting new sessions or logging in to the Flexera One UI and resulted in HTTP 403 errors during the incident window.

Remediation Actions
The following actions were taken during the incident response:

1. Incident Detection and Response Initiated: Technical teams were notified of the access issue and began investigating the disruption affecting the Flexera One UI across all regions.
2. Impact Isolation: It was confirmed that the issue was affecting new login attempts and session initiation, while some existing active sessions could continue operating during the incident window.
3. Change Review and Validation: The recently introduced control change was reviewed to determine why legitimate customer access requests were being blocked.
4. Corrective Change Applied: The change responsible for the unintended blocking behavior was reverted to restore normal access.
5. Service Restoration Verification: Following the corrective action, access to the Flexera One UI was validated across affected regions and confirmed to be functioning normally.
   

Future Preventative Measures
This incident highlighted the importance of strong validation, coordination, and monitoring when implementing access-related control changes within a centralized configuration.

Based on this experience, the following measures are being applied:

1. Change Validation and Deployment Controls: We are strengthening review, validation, and staged deployment practices for access-related control changes before they are applied more broadly.
2. Rollback and Communication Readiness: We are reinforcing rollback preparedness, stakeholder communication, and post-change monitoring to reduce the likelihood and duration of similar issues.
3. Alerting Sensitivity Review: We are reviewing alerting sensitivity to help identify unintended access disruptions sooner following similar changes.