05-05-2021 02:06 PM
After some recent work and discussions with support, as well as getting confirmation on the post you can find here, I would NOT suggest you consider deploying the Hyland IdP if the following situations apply to you.
If you use AD - Enhanced:
I know there are more like the ones dealing with load balancing and security log history on user accounts from
Hopefully Hyland gets this fixed sooner rather than later because the issues I have brought up, and the issues mentioned below, are absolute show stoppers for us except for the handful of users that will HAVE to use the Hyland IdP. Until these issues are fixed, I advise you to very VERY carefully evaluate the problems I have presented as well as the problems mentioned by others below before you go to implement the Hyland IdP.
Another issue I just thought about is how does this affect multi-domain systems? This could make this even MORE uglier than my #3 example.
Thanks.
Tagging people that I know this might affect to spread the word.
05-06-2021 01:57 PM
05-06-2021 02:04 PM
Thank you
05-06-2021 02:16 PM
Oh, I guess I should add to my list that the OnBase IdP as well as the Hyland IdP don't respect internal OnBase user/security groups at all. I have found out through testing that if you are assigned to a user group that isn't tied to AD, then when you login through the OB or Hyland IdP you will be removed from that group.
As well, the biggest thing that I hate so much is the fact that the IdP requires the security group names to match exactly to what is inside of OnBase. One of the biggest benefits of moving to the AD - Enhanced setup was the ability to map user groups to AD security groups, even if the name didn't match exactly. This just meant it was that much easier to map as well as reduced the amount of security groups a person was in inside of AD. It also meant that we didn't have to go and create special OnBase security groups to match the names inside of OnBase.
Those are the other two big issues I have with the IdP overall. Just simply put, it doesn't integrate or play well with OnBase at all. I feel like in a way I have gone back to the days of AD - Basic.
Thanks.
05-06-2021 02:42 PM
Thanks Ryan for posting this, we currently have IdP implemented but it does present some interesting issues:
1. When authenticating into the Unity Client using IdP our users tend to lose their workview "enable always on" settings, it only holds onto the last one they had open this is annoying more then system limiting
2. We had some load balancing issues using user groups because when the user would authenticate in it would remove them and add them back in to their groups causing them to be removed from the load balancing (we did work with support and have this semi fixed currently)
3. We currently are having issues where the cache on the OnBase side holds onto previous values and then will not let the user log in because it claims the headers are to long, we have to go manually remove all cookies for the Hyland site to get them back in.
These are the 3 main things I run into consistently in addition to the issues Ryan has listed above.
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.