The OnBase Administration Portal requires a client connection with the Hyland Identity Provider (IdP) server for authentication.
To configure the OnBase Administration Portal for IdP authentication:
- Configure a client connection on the Hyland IdP server for the OnBase Administration Portal to use.

  Tip: Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation. Version compatibility with OnBase Foundation releases is documented in the Version section of that documentation.

The client connection must have the following settings as well as any standard required settings. All other settings can be left with their default values.

| Setting | Value |
| --- | --- |
| Client Name | Enter the name you want to associate with your OnBase Administration Portal installation. |
| Protocol Type | oidc |
| Redirect URLs | Enter the path to the authentication confirmation page. The following is an example, where "ComputerName" is replaced with the name of the computer: https://ComputerName/OBADMIN-PORTAL/view/authentication-confirmation |
| Allowed Grant Types | Allowed grant types are Authorization Code and Password. |
| Allowed Scopes | Allowed scopes are openid, profile, profile.onbase, and evolution. |
| Allow users to login locally | This option must be selected. |
| Allow clients to request a refresh token | This option must be selected. |
| Allow issuing access tokens to browsers | This option must be selected. |
| Pkce | Select Require PKCE. |
| Post Logout Redirect URLs | Enter the path to the logout page. The following is an example, where "ComputerName" is replaced with the name of the computer: https://ComputerName/OBADMIN-PORTAL/view/unauthenticated |
| Refresh Token Usage | OneTimeOnly |
| Refresh Token Expiration | Absolute |
| Include user claims in ID token | This option must be selected. |
| Allowed CORS Origins | * |

- Save the client connection.
- Recycle the application pool of the Hyland IdP server in IIS for the changes to take effect.
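
The following added example (not taken from the Hyland documentation or product) shows what the Authorization Code grant with Require PKCE means for the request a client sends: the browser-visible URL carries only a SHA-256 challenge, and the code can be redeemed only by the party holding the matching verifier. The scopes and redirect URL are the ones listed above; the authorize endpoint URL and the client identifier are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Values taken from the client settings above.
SCOPES = "openid profile profile.onbase evolution"
REDIRECT_URI = "https://ComputerName/OBADMIN-PORTAL/view/authentication-confirmation"

# Assumptions (not from the page): endpoint URL and client identifier.
AUTHORIZE_ENDPOINT = "https://idp.example.test/connect/authorize"
CLIENT_ID = "obadmin-portal-example"


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)), unpadded (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """43-character random verifier, kept by the client until the token request."""
    return secrets.token_urlsafe(32)


def authorization_url(verifier: str, state: str, nonce: str) -> str:
    """Front-channel request: only the challenge is exposed, never the verifier."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPES,
        "state": state,
        "nonce": nonce,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def server_accepts(verifier: str, stored_challenge: str) -> bool:
    """Check a server enforcing PKCE performs when the code is redeemed."""
    return hmac.compare_digest(s256_challenge(verifier), stored_challenge)


if __name__ == "__main__":
    v = new_verifier()
    url = authorization_url(v, secrets.token_urlsafe(16), secrets.token_urlsafe(16))
    challenge = parse_qs(urlsplit(url).query)["code_challenge"][0]
    print(url)
    print("legitimate client:", server_accepts(v, challenge))
    print("intercepted code, wrong verifier:", server_accepts(new_verifier(), challenge))
```

The redirect_uri sent in the request has to match a value registered under Redirect URLs, so the "ComputerName" placeholder must be replaced consistently in both places.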