Configuring Express Scanning to Use IdP Authentication - Identity and Access Management Services - English - Foundation 22.1 - OnBase - external

Integrating With Hyland IAM Services

Platform
OnBase
Product
Identity and Access Management Services
Release
Foundation 22.1
License
Note:

Express Scanning requires the OnBase Application Server to communicate with OnBase. You must also configure the Application Server to use IdP authentication. See Configuring the Application Server to Use IdP Authentication.

To configure Express Scanning to use the Hyland IdP server for authentication:

  1. Configure a client connection on the Hyland IdP server for Express Scanning to use.
    Tip:

    If you have already configured a client connection for use with Disconnected Scanning or Front Office Scanning, the same client connection can be used for Express Scanning. Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation. Version compatibility with OnBase Foundation releases is documented in the Version section of that documentation.

    The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.

    Setting

    Value

    Protocol Type

    oidc

    Redirect URLs

    The URL of the Service.asmx page of the OnBase Application Server. This value must be all lowercase.

    For example, if your domain is my.domain, the OnBase Application Server application is named AppServer, and the environment is configured for secure connections, then the value is: https://my.domain/appserver/service.asmx

    Allowed Grant Types

    Authorization Code

    Allowed Scopes

    • openid

    • onbaseapi

    • offline_access

    Allow clients to request a refresh token

    This option must be selected.

    Post Logout Redirect URLs

    This value does not need to be configured for Express Scanning.

    Pkce

    Select Require PKCE

    Secret

    Do not select Client Secret must be present

  2. After saving the client connection, copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.
    Tip:

    Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.

  3. To enable IdP authentication for Express Scanning, launch the Express Scanning executable using either command line switches or by adding the Hyland IdP authentication values to the configuration file.