
IDP w/ Azure AD in EP5 - Group names

Jeffrey_Seaman
Star Contributor

We will be performing an installation for a customer in the near future who would like to integrate OnBase EP5 with Azure AD. Based on posts I have found here on the community, it appears that there are (were?) some quirks in previous releases with Azure AD SAML 2.0 integrations where the OnBase user group name needed to be the GUID of the corresponding group in Azure AD as opposed to the group name. This results in the OnBase user group names being less than helpful.

 

Does this same situation still apply in EP5? I tried checking the IAM/IDP MRGs, but was not able to find any references to Azure AD. If it is still present with the SAML 2.0 integration, what about WS-FED? I see that is also a possible configuration avenue for Azure AD integration. I would prefer to go with an option that makes configuration as seamless as possible for the customer if they need to update the OnBase configuration in the future.

1 ACCEPTED ANSWER

AdamShaneHyland
Employee

Hi @Jeffrey Seaman ,

 

I'm assuming you are referencing this post ...

 

... which discusses how User Group Claims are passed to the Hyland IDP via the SamlResponse when using Azure AD.  Here is an article on the topic from Microsoft ...

 

I don't believe there will be any difference based on the authentication protocol you use (SAML vs. WS-FED) to pass back the claims to the Hyland IDP, but I've only tried SAML.

 

At this time, the development of a solution via Software Change CI-2631 to work around this scenario has not been completed.

 

Best wishes.


3 REPLIES 3

Yes, that is the post I was referring to. Reading it a second time, it sounds like Renee has hers working with friendly group names based on her comment regarding the Source Attribute, which apparently only works if syncing groups from an on prem source. I am pretty sure our customer said they were planning to get rid of on prem, but all of my research says that it is difficult and not a good idea, so maybe they are confused.

 

I guess we'll see what happens when it comes time to start configuring things. Thanks for your response.

My pleasure.

 

My guess is that they have an on-premise AD environment which allows for this to work. I'm not aware of any other way to get it to work, but if you learn something, please share it.
