Identity Provider and non-interactive logins?

Robert_Manshack
Champ on-the-rise

Is there any update to the roadmap for Identity Provider to implement non-interactive logins using SAML authentication? For example, launching Web or Unity client from an Okta/Azure/OneLogin portal and the user not needing to type in a password again vs the way the clients redirect for authentication and force a login screen?

5 REPLIES

Jimmy_Byrne
Star Contributor

Hello @Robert Manshack,

The Hyland Identity Provider (IdP) is service provider (SP) initiated, meaning it redirects to the third-party SAML provider for authentication. In this scenario, the onus is on the SAML provider to handle single sign-on (SSO) functionality.

Entra (formerly Azure), for example, refers to this as Seamless SSO. You'll need to reference documentation from the respective SAML provider for steps on setting up SSO, as the Hyland IdP does not handle this portion of authentication.

Hello Jimmy,

Sorry to interject, but does the same apply to an ADFS provider?

We encounter a similar issue where the ADFS login is prompted even if the user is already authenticated in the browser with ADFS, and we are trying to figure out where to start to have this work seamlessly.

Thank you,
Stefan

Hi @Stefan Sulea,

Yes, this works with AD FS. This will depend on your solution, however, since the authenticating user may or may not be joined to the domain. AD FS relies on Windows Authentication for a non-interactive authentication experience (though there may be other ways of doing it too). This is only possible when the user is logged into the same domain as the AD FS server. In the scenario where a user is not logged into the domain, Forms Authentication is used through the AD FS Proxy and seamless authentication would not be possible.

The prompt that the users are encountering could vary: a Windows Authentication prompt vs. a Forms Authentication prompt. A Windows Authentication prompt occurs when Windows Authentication fails and requires a user to enter their domain credentials, whereas Forms Authentication is a web page that prompts the user for authentication.

Best wishes.
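An added diagnostic (not code from the thread or from Hyland) that reads the AD FS configuration the reply above describes and reports which sign-in experience intranet and extranet users will get. It assumes it is run on an AD FS server where the ADFS PowerShell module is available; the function name Test-AdfsSeamlessSignIn is the example's own.

```powershell
# Added example, not Hyland's or the thread author's code. Run on an AD FS server where the
# ADFS PowerShell module is loaded (it ships with the AD FS role). Reads the global
# authentication policy and reports whether a signed-in domain user can expect a
# non-interactive (Windows Authentication) sign-in, and what everyone else will see.
function Test-AdfsSeamlessSignIn {
    [CmdletBinding()]
    param()

    $policy = Get-AdfsGlobalAuthenticationPolicy
    $props  = Get-AdfsProperties

    # Primary providers are string arrays, e.g. {FormsAuthentication, WindowsAuthentication}.
    $intranet = @($policy.PrimaryIntranetAuthenticationProvider)
    $extranet = @($policy.PrimaryExtranetAuthenticationProvider)

    $findings = New-Object System.Collections.Generic.List[string]

    if ($intranet -contains 'WindowsAuthentication') {
        $findings.Add('Intranet: Windows Authentication is enabled; a domain-joined, signed-in user can be authenticated without a prompt.')
        # AD FS only attempts Windows Authentication for browsers whose User-Agent matches this
        # list; a browser that does not match is sent to the Forms page instead.
        $findings.Add("Intranet: Windows Authentication is attempted only for user agents matching: $($props.WIASupportedUserAgents -join ', ')")
        if ($intranet -notcontains 'FormsAuthentication') {
            $findings.Add('Intranet: Forms Authentication is disabled, so a failed Windows Authentication attempt produces a browser credential prompt rather than a sign-in page.')
        }
    }
    else {
        $findings.Add('Intranet: Windows Authentication is NOT enabled; every intranet user is shown the Forms sign-in page.')
    }

    if ($extranet -contains 'FormsAuthentication') {
        $findings.Add('Extranet: users outside the domain authenticate through the AD FS Proxy with the Forms page; no seamless sign-in is possible there.')
    }

    [pscustomobject]@{
        IntranetWindowsAuth    = ($intranet -contains 'WindowsAuthentication')
        IntranetFormsAuth      = ($intranet -contains 'FormsAuthentication')
        ExtranetFormsAuth      = ($extranet -contains 'FormsAuthentication')
        WIASupportedUserAgents = $props.WIASupportedUserAgents
        Findings               = $findings
    }
}

# Example usage on the AD FS server:
# (Test-AdfsSeamlessSignIn).Findings
```

Per-relying-party authentication policies (Get-AdfsRelyingPartyTrust) can override the global policy, so check those too when a single application behaves differently.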

Just to be clear, I'm talking about the option for Identity Provider Initiated so that the users can launch Unity/Web from their portals. We were told early on (and maybe Single Sign On wasn't possible back then in this context) that using IdP would force them to enter credentials because of the redirect to the SAML provider and service provider initiation.

In a nutshell, you're saying that even with the current IdP, if the SAML provider supports it, they can technically have a seamless "autologin" or non-interactive login experience even though IdP is Service Provider Initiated?