This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Conditional Access with Azure

Jessica_Gutshal
Star Collaborator
Star Collaborator

‎12-02-2021 11:12 AM

Our Security team is looking to set up Conditional Access using Azure and thought this was possible starting with EP5.  Can someone confirm?  I searched the Release Notes and didn't see anything about Conditional Access or Azure (I'm not familiar with this).  We currently authenticate using IdP Single Sign On with Active Directory.

Labels:
0 Kudos
3 REPLIES 3

AdamShaneHyland
Employee
Employee

‎12-02-2021 11:32 AM

Hi @Jessica G

 

Conditional Access is a feature of Azure AD and therefore is likely not going to be documented within any Hyland documentation.  I don't believe there are any concerns with using it for SAML authentication via the Hyland IDP.

 

Best wishes.

0 Kudos

Christian_Neder
Champ on-the-rise
Champ on-the-rise
In response to AdamShaneHyland

‎12-03-2021 08:36 AM

Adam please note that Nobly has previously filed a support case (00392381) about an issue with Conditional Access when Unity Client and Office Plugins are setup for SSO using the built-in browser (based on Chromium / CefSharp).

0 Kudos

Christian_Neder
Champ on-the-rise
Champ on-the-rise

‎12-03-2021 08:47 AM

The Unity Client and Office Plugins uses a built-in browser (based on Chromium / CefSharp) when doing the Single Sign-On part towards the Identity Provider (which in return forwards to an authorization provider such as Okta, Azure AD etc.)

Since CefSharp does not support Conditional Access (details here: https://stackoverflow.com/questions/67259951/cefsharp-browser-control-not-working-with-azure-ad-cond... we found that Unity Client and Office Plugins could not be used since Conditional Access is being deployed throughout Microsoft Azure as recommended use.

We proposed a solution to Hyland to use the native desktop-based browser installed on the machine running the Unity Client, since that would support Hardware Conditional Access policy in Microsoft Azure AD and other similar services.
In the latest FEP5 releases this is now possible by setting:

<!-- Set this option to true to use the default system web browser for Idp authentication--><add key="useSystemBrowserForIdpLogin" value="true"/>

However, the specific implementation from Hyland in relation to how the system browser window is displayed to the user (at login and at logout) is not very user-friendly.

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC