Jump to content
Martyn Houghton

Mobile App/Single Sign On

Recommended Posts

We are implementing single sign on using ADFS/SAML and pre-creating our users via the LDAP Import tool. Therefore the Hornbill platform will not contain a password in essence for any of our users.

As I understand it at the moment the mobile app needs a Hornbill password to connect, rather than using the SSO process.

If as user logs into the application via SSO and then uses the change password option in their profile, will this suffice for them connecting via the Mobile App?

Cheers

Martyn

Share this post


Link to post
Share on other sites

Hi Martyn

When the accounts are all configured for SSO they will not have an Old Password so you will not be able to use the Change Password option.

There are a few ways you can get around this but they are as yet undocumented, i will try and get some information for you.

Kind Regards

Trevor Killick

Share this post


Link to post
Share on other sites

Hi Martyn

Just had a chat with out Platform team and there is an issue that was over looked as the Mobile App was build and designed at a time when we used AD Authentication to login so required a username and password, since then we moved the SAML authentication in the client.

If you know your old password you can as mentioned go into the User Profile in Collaboration and change your password and login to the Mobile App even when using SAML.

We are working on a short term fix to allow the password to be changed without knowing the old password (Controlled by a System Setting).

In the long term the Platform Team are working at providing a Secure Mobile App Authentication schema that will allow you to register a device against the user without using the userid and password once i get a Change request for this i will update the post.

In the mean time you can use the Admin Tool to reset an users password which will then allow them to login with the password you set or go into there profile and change the password.

Kind Regard

Trevor Killick

Share this post


Link to post
Share on other sites

Trevor

Thanks for the update. I located the random password record in the LDAP import process to use for testing at the moment and use password reset option as a workaround for going live, as initial the volume of mobile users will be small.

Cheers

Martyn

Share this post


Link to post
Share on other sites

Trevor

Is there an update on the short term fix to allow users to change their fixed password so they can use the Mobile App when using single sign on?

Cheers

Martyn

Share this post


Link to post
Share on other sites

Hi Martyn

Yes a user can now change there password even if they do not previously know their password.

There is an issue where the Client will not lot you change you password without sending the old password so i will raise this with development and get them to remove this.

Once this is done you will need to disable this system setting security.user.passwordPolicy.requireOldPasswordForReset

post-8238-0-43684000-1460724534.png

Kind Regards

Trevor Killick

Share this post


Link to post
Share on other sites

Hi Martyn

The change has been made when security.user.passwordPolicy.requireOldPasswordForReset is set to false then the following view will be seen when changing the password in Users Profile View.

post-8238-0-00782000-1460727344.png

This still has to go through our continual deployment cycle so i will post when the relevant deployments has been made to live and this is available for use.

Kind Regards

Trevor Killick

Share this post


Link to post
Share on other sites

Trevor

Thanks for the update. If you can let me know when Development have fixed the remaining part.

Cheers

Martyn

Share this post


Link to post
Share on other sites

Hi Martyn

The development is all done its just waiting on the builds to go out which i will reply about when available.

Kind Regards

Trevor Killick

Share this post


Link to post
Share on other sites

Hi Martyn

I just found my note to say when the UI change was available, its now possible for a user to change there password when you do not already know it.

We are still waiting for development to be completed on the mobile authentication change.

Kind Regards

Trevor Kilick

Share this post


Link to post
Share on other sites

Hi Martyn,

You might appreciate this change which is now being rolled out. We have made mobile device registration much easier than before. A new feature of the Hornbill Platform allows you to register one or more devices against your profile, this means your mobile no longer has to remember credentials and should you loose your device you can simply log into your profile and deregister your device which will prevent any further access.   Check you the video to see how it works.

https://www.hornbill.com/blogpost/easy-and-secure-mobile-device-registration/


Gerry

Share this post


Link to post
Share on other sites

Gerry

That looks a lot easier for staff to sort themselves out. Is this dependent on a specific platform release, as we do not seem to have devices tab in the setting options? 

Also will existing mobile connections be migrated over all will they need to be re-registered?

Cheers

Martyn

Share this post


Link to post
Share on other sites

HI Martyn,

Its behind an experimental system setting which you should be able to turn on in the admin tool.  It will be flipped on by default soon anyway, and the experimental setting will be removed. 


The latest mobile app is also using API keys now so its a little snappier in places too :)

Gerry

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...