Jump to content

Mobile App/Single Sign On

Martyn Houghton

By Martyn Houghton
in iOS

 Share

Recommended Posts

Martyn Houghton Grand Master

Martyn Houghton

Posted
Posted

We are implementing single sign on using ADFS/SAML and pre-creating our users via the LDAP Import tool. Therefore the Hornbill platform will not contain a password in essence for any of our users.

As I understand it at the moment the mobile app needs a Hornbill password to connect, rather than using the SSO process.

If as user logs into the application via SSO and then uses the change password option in their profile, will this suffice for them connecting via the Mobile App?

Cheers

Martyn

Link to comment
Share on other sites
TrevorKillick Experienced

TrevorKillick

Posted
Posted

Hi Martyn

When the accounts are all configured for SSO they will not have an Old Password so you will not be able to use the Change Password option.

There are a few ways you can get around this but they are as yet undocumented, i will try and get some information for you.

Kind Regards

Trevor Killick

Link to comment
Share on other sites
TrevorKillick Experienced

TrevorKillick

Posted
Posted

Hi Martyn

Just had a chat with out Platform team and there is an issue that was over looked as the Mobile App was build and designed at a time when we used AD Authentication to login so required a username and password, since then we moved the SAML authentication in the client.

If you know your old password you can as mentioned go into the User Profile in Collaboration and change your password and login to the Mobile App even when using SAML.

We are working on a short term fix to allow the password to be changed without knowing the old password (Controlled by a System Setting).

In the long term the Platform Team are working at providing a Secure Mobile App Authentication schema that will allow you to register a device against the user without using the userid and password once i get a Change request for this i will update the post.

In the mean time you can use the Admin Tool to reset an users password which will then allow them to login with the password you set or go into there profile and change the password.

Kind Regard

Trevor Killick

Link to comment
Share on other sites
  • 2 weeks later...
  • 2 months later...
TrevorKillick Experienced

TrevorKillick

Posted
Posted

Hi Martyn

Yes a user can now change there password even if they do not previously know their password.

There is an issue where the Client will not lot you change you password without sending the old password so i will raise this with development and get them to remove this.

Once this is done you will need to disable this system setting security.user.passwordPolicy.requireOldPasswordForReset

post-8238-0-43684000-1460724534.png

Kind Regards

Trevor Killick

Link to comment
Share on other sites
TrevorKillick Experienced

TrevorKillick

Posted
Posted

Hi Martyn

The change has been made when security.user.passwordPolicy.requireOldPasswordForReset is set to false then the following view will be seen when changing the password in Users Profile View.

post-8238-0-00782000-1460727344.png

This still has to go through our continual deployment cycle so i will post when the relevant deployments has been made to live and this is available for use.

Kind Regards

Trevor Killick

Link to comment
Share on other sites
  • 1 month later...
TrevorKillick Experienced

TrevorKillick

Posted
Posted

Hi Martyn

I just found my note to say when the UI change was available, its now possible for a user to change there password when you do not already know it.

We are still waiting for development to be completed on the mobile authentication change.

Kind Regards

Trevor Kilick

Link to comment
Share on other sites
  • 2 months later...
Gerry Grand Master

Gerry

Posted
Posted

Hi Martyn,

You might appreciate this change which is now being rolled out. We have made mobile device registration much easier than before. A new feature of the Hornbill Platform allows you to register one or more devices against your profile, this means your mobile no longer has to remember credentials and should you loose your device you can simply log into your profile and deregister your device which will prevent any further access.   Check you the video to see how it works.

https://www.hornbill.com/blogpost/easy-and-secure-mobile-device-registration/


Gerry

Link to comment
Share on other sites
Martyn Houghton Grand Master

Martyn Houghton

Posted
  • Author
Posted

Gerry

That looks a lot easier for staff to sort themselves out. Is this dependent on a specific platform release, as we do not seem to have devices tab in the setting options? 

Also will existing mobile connections be migrated over all will they need to be re-registered?

Cheers

Martyn

Link to comment
Share on other sites
Gerry Grand Master

Gerry

Posted
Posted

HI Martyn,

Its behind an experimental system setting which you should be able to turn on in the admin tool.  It will be flipped on by default soon anyway, and the experimental setting will be removed. 


The latest mobile app is also using API keys now so its a little snappier in places too :)

Gerry

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...