Root Cause: To mitigate a high-volume traffic flood causing a sitewide outage, three JA3 fingerprints were added to the edge block list.
Issue: These JA3 signatures inadvertently matched legitimate user traffic patterns, resulting in a "malicious activity" security flag for some end-users during SSO/Canvas login.
Resolution: The specific JA3 blocks have been removed from the security controls.