ShieldConex v1.4. - 8.12.2021

Get an overview of new features in 1.4 like SAML Configuration, Domain Whitelisting and more.

New Features

Opt-In Communication

Having trouble staying up to date with everything going on at Bluefin? The next time you log into ShieldConex, you’ll have the ability to opt into email notifications. This includes updates, PCI news, tips, advice and more. Don’t worry about us nagging you – we’ll only ask you once.

SAML Configuration

Security Assertion Markup Language (SAML) enables single sign-on. Single Sign-On (SSO) can be configured for partners, sub-partners and clients. This function is designed to support one Identity Provider per partner and is only implemented by system administrators and system users.

The benefit of Single Sign-On (SSO) is that it enables seamless integration between the system that partners, subpartners, and clients use in their environment and SCX Manager. When users log into their own systems successfully, those credentials are recognized by SCX Manager. This allows users to access SCX Manager without having to enter unique login credentials.

Domain Whitelisting

As an added security measure, you can now enable domain whitelisting in your ShieldConex Templates. When enabled, the form will only load when embedded in the given domain. This prevents any bad actors from hosting your iFrame elsewhere on the web.

If you decide to use domain whitelisting, make sure to include all sites where your iFrame is hosted. Please refer to the user guide for more information on how to set up domains and subdomains.

Bug Fixes

Template Editor (Manage->Templates)

  1. Previously, when adding 3DS to our recently released “Payconex” templates, the CVV field was added to the iFrame twice. Now it should only add the required field once.
  2. Issues where Payconex templates were stuck in an Unpublished state have been resolved.
  3. Under 3DS configuration, the “reorder previously ordered merchandise” has been removed as an option on templates. This field is not required by any card brand for 3DS.
  4. When 3DS is configured, there is an option to “Bypass 3DS for Unsupported Card Brands". When enabled, ShieldConex will skip 3DS authentication for unsupported card types, but will continue with the tokenizations and transactions. When disabled, the use of unsupported card types will result in an error message being returned to the end-user.


  1. Previously our billing reports were being generated on a daily basis. This has been changed to update on the first of every month.
  2. Partner Users Only: The Partner Summary and Client summary were previously hosted on a single page. They have been separated into individual pages that can be reached using the navigation side-pane.
  3. Exported billing reports now additionally include PartnerId, DirectPartnerId, ClientId, FilterFromDate, and FilterToDate

Security Fixes

  1. There was a security vulnerability in the NPM Module which was identified here. In accordance with NMP’s recommended solution, we have updated our version of handlebars.