Martyn Houghton Posted September 19, 2017 Share Posted September 19, 2017 We currently use single sign on via ADFS and LDAP Import to manage our authentication process into Hornbill. At the moment users will be stopped from logging in to Hornbill when there AD account is disabled, but if the user already has a connection open to Hornbill prior to the account being disabled they are able to continue to use the system. Is it currently possible via the LDAP Importer to update the Hornbill User's status to suspended based on the AD Disabled attribute and secondly if a Hornbill account is suspended when a user is logged in do they get logged out? Cheers Martyn Link to comment Share on other sites More sharing options...
TrevorKillick Posted September 19, 2017 Share Posted September 19, 2017 @Martyn Houghton As part of the UserAccountStatus configuration the status can be (active | suspended | archived ) so you can set the Hornbill Accounts to suspended based on an AD flag, this is typically done using a separate configuration of import that is set to update only and search LDAP for disabled users. Currently the active session is not expired automatically and would need to time out. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Martyn Houghton Posted September 19, 2017 Author Share Posted September 19, 2017 @TrevorKillick Thanks. So the session would have to time out based on the setting 'communications.sessionIdleTimeout' before the suspension would become active, however this will trigger a login via adfs SSO which would also stop the login at that point. Does the same apply to mobile app connections? When will the suspension of the accounts trigger the mobile app to no longer connect? Cheers Martyn Link to comment Share on other sites More sharing options...
TrevorKillick Posted September 19, 2017 Share Posted September 19, 2017 @Martyn Houghton Thats correct, i will check with out Mobile App Developers it uses a different mechanism for authentication so i just need to confirm the behaviour for timeout and suspended accounts. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now