As part of our ongoing infrastructure improvements, the One Welcome Identity Platform, which is used for authenticating users and Luna Clients, will be transitioning to use a new Certificate Authority (CA) in the upcoming weeks. The exact timing for this change will be posted in a maintenance window on the DPoD status page.

This change will be largely transparent to the majority of users. However, we would like to draw particular attention to users of the Luna Cloud HSM service. It is imperative to ensure that the Certificate Revocation List (CRL) distribution points for the Globalsign CA (http://crl.globalsign.com/) are accessible to your client to maintain uninterrupted service.

For a detailed overview of the network requirements for the Luna Cloud HSM service, please refer to the Client Network Connectivity documentation available on thalesdocs.com

Should you have any questions or require further clarification regarding this change, please do not hesitate to contact our support team.

The new Luna Cloud HSM Snapshot feature is now available to all users. Service snapshots allow Luna Cloud HSM users to restore their service partition to a previous snapshot to recover from zeroization or accidental deletion of keys. A snapshot is a complete capture of the state of the partition that includes all partition objects, (e.g keys and certificates), as well as the current state of credentials for partition users. 

Luna Cloud HSM Service snapshots are introduced with the following supported items:

• Snapshots in the Management UI: 
  • You can now create, view and manage service snapshots directly through the UI (User Interface).
• Daily Automatic Snapshots:
  • Snapshots automatically created every day.
  • Retained for 7 days.
• User-Generated Snapshots:
  • Create up to 3 snapshots per partition.
  • Each user-generated snapshot is retained for 3 months.
• Audit Log Integration:
  • All snapshot events are recorded in the Audit Log for full traceability.

See Service Snapshots for creating, deleting and restoring information.

The public endpoints  GET /v1/backoffice/accountStatuses and  GET /v1/backoffice/accountStatuses/{id}are deprecated and will be removed in a future release.
If you rely on them to know the status of a Tenant under your Service Provider, or for your own Tenant regarding the existence of an initial Service Election, you can use GET /v1/backoffice/serviceAgreements/{tenantId}to get the same information to determine if an initial Service Election has been submitted, approved or expired.

NOTE: The GET /v1/backoffice/subscriptions endpoint returns a list of existing subscriptions for:

• The current tenant, or
• A specified tenant (if one is provided),

…but not for any particular requested subscription.

The Thales Data Protection on Demand Terms of Service has been updated and is now included in the Thales Cyber Security Products End User Agreement. 

Please review the updated terms at its new location, https://cpl.thalesgroup.com/legal, for more information.

Thales Data Protection Demand has updated the Identity Provider (IDP) used in the DPoD platform to Thales OneWelcome Identity Platform in the Europe region. The North America region was migrated on February 22nd, 2025. 

This update enables the platform to provide modern authentication options to users while simplifying logins for users that manage multiple tenants on the platform. Feature updates include: 

• Improved login flow 
• Improved registration flow 
• Improved user account management flows 
• Added method to switch between tenants 
• Removed vanity URLs from tenants 
• Removed vanity service provider registration pages 

North America users can now access DPoD through the login portal at https://welcome.dpondemand.io. You will need to register a new MFA token on the initial login.  

We recommend that all Luna Cloud HSM users download a new client to ensure continued connection and performance following the migration. For more information see Upgrade Client. If you have additional questions about the migration see the DPoD IDP Migration FAQ. 

Please be aware of the following known issue when using the new login portal: 

Issue: During the login process TOTP authentication can fail and the error message: "Service temporarily unavailable, please try again later" displays.  
Workaround: Click Go back in the user interface and reenter the TOTP or enter a new TOTP. 

Thales Data Protection Demand has updated the Identity Provider (IDP) used in the DPoD platform to Thales OneWelcome Identity Platform in the North America region. The Europe region will be migrated on March 8th, 2025. 

This update enables the platform to provide modern authentication options to users while simplifying logins for users that manage multiple tenants on the platform. Feature updates include: 

• Improved login flow 
• Improved registration flow 
• Improved user account management flows 
• Added method to switch between tenants 
• Removed vanity URLs from tenants 
• Removed vanity service provider registration pages 

North America users can now access DPoD through the login portal at https://welcome.dpondemand.io. You will need to register a new MFA token on the initial login.  

We recommend that all Luna Cloud HSM users download a new client to ensure continued connection and performance following the migration. For more information see Upgrade Client. If you have additional questions about the migration see the DPoD IDP Migration FAQ. 

Please be aware of the following known issue when using the new login portal: 

Issue: During the login process TOTP authentication can fail and the error message: "Service temporarily unavailable, please try again later" displays.  
Workaround: Click Go back in the user interface and reenter the TOTP or enter a new TOTP. 

Thales Data Protection on Demand (DPoD) audit logs for Luna Cloud HSM and CipherTrust Data Security Platform as a Service (CDSPaaS) service instances are now available through the tenant user interface. You can generate, review, and download audit logs for services in your tenant using your tenants Logs page. For more information about viewing and downloading audit logs through the tenant user interface see Audit Logging.

FW 2.0.5 has been released to all production environments. This release resolves the issue with restoring Luna Cloud HSM backups from a Luna USB Backup HSM.

The new firmware versions based on region and FIPS mode are as follows: 

• NA FIPS - 2.0.5
• NA non-FIPS - 2.0.5
• EU FIPS - 2.0.5
• EU non-FIPS - 2.0.5

Added 

Luna Cloud HSM Backup

The issue with restoring Luna Cloud HSM backups from a Luna USB Backup HSM has been rectified with FW 2.0.5.

The certificate CA provider for the platform authentication service is being changed to Sectigo, a global leader in digital identity security solutions. The scheduled time for this change is detailed on the DPoD Status Dashboard. 

Please be aware that you may need to update your system's certificates and ensure that CA CRL and OCSP endpoints are reachable in accordance with this change. 

If you require assistance or have any inquiries please contact our Support Team using the Thales Customer Support Portal.

The Service Provider Tenant Usage Report and the associated tenants/usageReport, tenants/usageDetails, and service_instances/usageDetails endpoints have been removed from the platform.

As an alternative use the Service Report in the DPoD service provider tenant or the /v1/service_instances/usageBillingReport endpoint, and the  /v1/backoffice/serviceAgreements{tenantId} endpoint to compile tenant usage information.