Jump to content

Andrej

Administrators
  • Posts

    60
  • Joined

  • Last visited

  • Days Won

    3

Andrej last won the day on August 13 2015

Andrej had the most liked content!

About Andrej

Recent Profile Visitors

722 profile views

Andrej's Achievements

Newbie

Newbie (1/14)

3

Reputation

  1. I have tested OIDC integration with Microsoft Azure and it works without any issues with version 2.4 of Intella Connect. So there is no need for an update. I'm attaching a guide to setup SSO with Microsoft Azure and Intella Connect: SSO with Intella Connect and Azure.pdf Note that Microsoft Azure documentation of Redirect URI (reply URL) restrictions and limitations does not mention any restriction on query string parameters: https://docs.microsoft.com/en-us/azure/active-directory/develop/reply-url When validating ID token and using RS algorithm, then JWK set needs to be downloaded in order to compare keys. By default, the connect and read timeout are 500 ms. Due to network latency or error, this can result in user to be denied access during login even if valid credentials are provided. This can be seen in the logs containing following error message: "Couldn't retrieve remote JWK set: Read timed out" In such case I suggest changing the timeout values as described in https://www.vound-software.com/docs/connect/2.4/Intella Connect Administrator Manual.html#_additional_settings This guide to setup SSO with Microsoft Azure and Intella Connect will be added to upcoming new release of Intella Connect, so that it is also available in Intella Connect Administrator Manual.
  2. Hi Eric, I will need to check and get back to you.
  3. Note that as of latest version 2.3.1.2 (and any before it), Intella Connect does not support direct integration with OIDC provider. This is a new feature being developed - we aim to have this added to the next major release. I don't know what exactly you tried, but I expect therefore that you tried some indirect integration, which may have resulted in some issues. Since OIDC integration will be directly supported in Intella Connect, which we aim for next major release, then it is expected to receive proper testing before the release as well as direct support provided for customers with current Maintenance Agreement after the release.
  4. When using Google OIDC, then I have been able to restrict access to only G Suite accounts of a particular company. I did try logging in with my private gmail account and the login was refused on Google side stating that only accounts from particular company are allowed. When using Okta OIDC, then I could add people who can log in: Please note that these settings are done on the OIDC provider side. So it is up to you to choose a provider that suits your needs. The provider needs to be OIDC standard complaint as described by the specifications: https://openid.net/specs/openid-connect-core-1_0.html The status update on OIDC implementation in Connect is that the implementation is currently working and tested with the following OIDC providers: Google (google.com) Okta (okta.com) simple-oidc-provider (https://hub.docker.com/r/qlik/simple-oidc-provider/)
  5. In order for Intella Connect to integrate with OIDC provider and allow authentication via that OIDC provider, both OIDC provider and Intella Connect will need to be configured first. In this example I will show integration of Intella Connect and Google OIDC server. Intella Connect will allow multiple OIDC providers to be configured at once. Please note that the screenshots provided are subject to change. On Connect side, new Single Sign On provider will be added with information that it requires to communicate with the OIDC provider: All of the above fields can be found at OIDC provider's side. Intella Connect will then generate Redirect URI which will be needed when configuring the integration on OIDC provider's side: Note that when integrating Intella Connect with Google OIDC server, you can for example see the Client ID and Client secret provided on the page shown in above screenshot. Once this configuration is done, users that will navigate to Intella Connect page will see new button "Log in with Google": When the user is already logged in with Google, then it is as simple as clicking on the button "Log in with Google" without filling username or password fields. Intella Connect will communicate in background with Google and create a login session with Intella Connect. The user will then be logged in: If the user is not logged in when clicking on "Log in with Google" button, then the browser will redirect to Google login page in order for that user to log in. Afterwards, it will not be required to click on "Log in with Google" button again, since Intella Connect and Google will already exchange the user information in background and the user will then be automatically redirected to above screenshot. Note that if a user does not have an account in Intella Connect which would relate to account at OIDC provider, then such account will be created automatically after a successful login. That is why the above screenshot shows "No cases have been shared with you yet.". It is because this is a new user that I just logged in with. Intella Connect administrator or cases manager can then assign this new user with cases.
  6. We aim to have the SSO feature added to the next major release. Could you let us know which SSO provider will you want to use? If you are not comfortable sharing this information on our public forum, then you can also email that information to us via our Support channel: support@vound-software.com
  7. I have past experience of working with AWS and I have used that experience to check Intella Connect with AWS - we have done some internal Vound testing of Intella Connect with AWS. We did not encounter issues with regards to running it on AWS. Jacques, as you mentioned, we have used network dongle to provide Intella Connect with license. Please note that the hardware configuration is up to you. The above forum post outlines minimum requirements. It also mentions why we do not provide what is the ideal setup, because it also depends on your budget.
  8. Indeed OIDC seems to be the way to go, especially since it is so widely used by well-known companies (Google, Microsoft, Yahoo, PayPal, Amazon, SalesForce, PhantAuth, Okta). I have also seen ability to operate own OpenID Connect provider/server. Which OIDC provider/server would you be using if you don't mind sharing? The reason I'm asking is that implementing this feature into Connect is not enough. The users of SSO in Connect will need to know how to configure and use it with connection of their OIDC provider/server. I know that trying to configure and use a feature without any documentation can sometimes lead to frustration. So we want to be able to provide documentation about how to use SSO with your OIDC provider/server. If you would prefer not to share, which is perfectly fine, then please let us know which OIDC provider/server should we write the documentation for. For example, would it be helpful if we would write documentation on how to setup SSO with Google?
  9. Hi Paolo1982, we are considering adding Single Sign On (SSO) support via OAuth in Intella Connect soon. As a side effect of being able to log in into SSO provider who has two factor authentication provided, would that satisfy your need? Or would you prefer to have stand alone two factor authentication in Intella Connect due to not using SSO? For example, provided that Intella Connect would have SSO support, you could configure Google as your SSO provider. Since Google has two factor authentication already provided in their systems, you could then log in into your Google account, via email and password. Google will then ask you to provide code as part of two factor authentication. After successfully logging in into Google, you could navigate to Intella Connect without having to log in, because you already logged in into Google and your credentials were carried over via SSO. Would that work for you? Additionally, if you would be interested in SSO, could you please take a look into topic: and let us know what you think?
  10. Brendan, we are considering adding Single Sign On (SSO) support via OAuth in Intella Connect soon. As a side effect of being able to log in into SSO provider who has two factor authentication provided, would that satisfy your need? Or would you prefer to have stand alone two factor authentication in Intella Connect due to not using SSO? For example, provided that Intella Connect would have SSO support, you could configure Google as your SSO provider. Since Google has two factor authentication already provided in their systems, you could then log in into your Google account, via email and password. Google will then ask you to provide code as part of two factor authentication. After successfully logging in into Google, you could navigate to Intella Connect without having to log in, because you already logged in into Google and your credentials were carried over via SSO. Would that work for you? Additionally, if you would be interested in SSO, could you please take a look into topic: and let us know what you think?
  11. Hi dale, could you please take a look at topic: and let us know what you think?
  12. Hi all, we are considering adding Single Sign On (SSO) support via OAuth in Intella Connect soon. SSO allows a user to log in with a single ID and password only once to gain access to any of several related systems. For example, a user logs in to Google account and afterwards that user can navigate to GMail, Google Cloud or Intella Connect without any of those systems asking for username and password. Would that satisfy your SSO needs? What providers are you using? Any best practices or special features you can think of that should be considered when implementing this feature into Intella Connect?
  13. The Print Report button opens a print dialog that shows the native rendering of the item with a minimal amount of metadata. If the item has attachments, you are asked if these should also be printed. This button therefore has the same functionality in Intella as it does in Connect, but indeed the Connect user manual needs to be changed to reflect this. I will make sure to change the online version of Connect user manual and for future versions, but the PDF version of the Connect user manual that you already have cannot be changed remotely. Sorry for inconvenience.
  14. fuzed, you can install Connect as a Windows service, which will let Connect start at Windows start-up. Follow this section of Connect user manual on how to do that: https://www.vound-software.com/docs/connect/2.1.0/admin/03_01_connect_as_service.html
  15. Hi Jason, the message hash that is calculated for emails does gets close to this, but it does include the date and time, so it's too strict for your purpose. We're considering this feature.
×
×
  • Create New...