Martyn Houghton Posted January 22, 2016 Share Posted January 22, 2016 We are implementing single sign on using ADFS/SAML and pre-creating our users via the LDAP Import tool. Therefore the Hornbill platform will not contain a password in essence for any of our users. As I understand it at the moment the mobile app needs a Hornbill password to connect, rather than using the SSO process. If as user logs into the application via SSO and then uses the change password option in their profile, will this suffice for them connecting via the Mobile App? Cheers Martyn Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 22, 2016 Share Posted January 22, 2016 Hi Martyn When the accounts are all configured for SSO they will not have an Old Password so you will not be able to use the Change Password option. There are a few ways you can get around this but they are as yet undocumented, i will try and get some information for you. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 22, 2016 Share Posted January 22, 2016 Hi Martyn Just had a chat with out Platform team and there is an issue that was over looked as the Mobile App was build and designed at a time when we used AD Authentication to login so required a username and password, since then we moved the SAML authentication in the client. If you know your old password you can as mentioned go into the User Profile in Collaboration and change your password and login to the Mobile App even when using SAML. We are working on a short term fix to allow the password to be changed without knowing the old password (Controlled by a System Setting). In the long term the Platform Team are working at providing a Secure Mobile App Authentication schema that will allow you to register a device against the user without using the userid and password once i get a Change request for this i will update the post. In the mean time you can use the Admin Tool to reset an users password which will then allow them to login with the password you set or go into there profile and change the password. Kind Regard Trevor Killick Link to comment Share on other sites More sharing options...
Martyn Houghton Posted February 4, 2016 Author Share Posted February 4, 2016 Trevor Thanks for the update. I located the random password record in the LDAP import process to use for testing at the moment and use password reset option as a workaround for going live, as initial the volume of mobile users will be small. Cheers Martyn Link to comment Share on other sites More sharing options...
Martyn Houghton Posted April 15, 2016 Author Share Posted April 15, 2016 Trevor Is there an update on the short term fix to allow users to change their fixed password so they can use the Mobile App when using single sign on? Cheers Martyn Link to comment Share on other sites More sharing options...
TrevorKillick Posted April 15, 2016 Share Posted April 15, 2016 Hi Martyn Yes a user can now change there password even if they do not previously know their password. There is an issue where the Client will not lot you change you password without sending the old password so i will raise this with development and get them to remove this. Once this is done you will need to disable this system setting security.user.passwordPolicy.requireOldPasswordForReset Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
TrevorKillick Posted April 15, 2016 Share Posted April 15, 2016 Hi Martyn The change has been made when security.user.passwordPolicy.requireOldPasswordForReset is set to false then the following view will be seen when changing the password in Users Profile View. This still has to go through our continual deployment cycle so i will post when the relevant deployments has been made to live and this is available for use. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Martyn Houghton Posted April 15, 2016 Author Share Posted April 15, 2016 Trevor Thanks for the update. If you can let me know when Development have fixed the remaining part. Cheers Martyn Link to comment Share on other sites More sharing options...
TrevorKillick Posted April 15, 2016 Share Posted April 15, 2016 Hi Martyn The development is all done its just waiting on the builds to go out which i will reply about when available. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Martyn Houghton Posted April 15, 2016 Author Share Posted April 15, 2016 Trevor Thanks. I think we where typeing updated both at the time. Cheers Martyn 1 Link to comment Share on other sites More sharing options...
TrevorKillick Posted May 16, 2016 Share Posted May 16, 2016 Hi Martyn I just found my note to say when the UI change was available, its now possible for a user to change there password when you do not already know it. We are still waiting for development to be completed on the mobile authentication change. Kind Regards Trevor Kilick Link to comment Share on other sites More sharing options...
Gerry Posted July 23, 2016 Share Posted July 23, 2016 Hi Martyn, You might appreciate this change which is now being rolled out. We have made mobile device registration much easier than before. A new feature of the Hornbill Platform allows you to register one or more devices against your profile, this means your mobile no longer has to remember credentials and should you loose your device you can simply log into your profile and deregister your device which will prevent any further access. Check you the video to see how it works.https://www.hornbill.com/blogpost/easy-and-secure-mobile-device-registration/ Gerry Link to comment Share on other sites More sharing options...
Martyn Houghton Posted July 25, 2016 Author Share Posted July 25, 2016 Gerry That looks a lot easier for staff to sort themselves out. Is this dependent on a specific platform release, as we do not seem to have devices tab in the setting options? Also will existing mobile connections be migrated over all will they need to be re-registered? Cheers Martyn Link to comment Share on other sites More sharing options...
Gerry Posted July 25, 2016 Share Posted July 25, 2016 HI Martyn, Its behind an experimental system setting which you should be able to turn on in the admin tool. It will be flipped on by default soon anyway, and the experimental setting will be removed. The latest mobile app is also using API keys now so its a little snappier in places too Gerry Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now