OnBase Studio can be configured to use Hyland IdP authentication.
Depending on the Connection Type used, OnBase Studio may require the OnBase Application Server to communicate with OnBase. You must also configure the Application Server to use IdP authentication. See Configuring the Application Server to Use IdP Authentication.
To configure OnBase Studio to use the Hyland IdP server for authentication:
- Configure a client connection on the Hyland IdP server for OnBase Studio to use.
Tip:
If you have already configured a client connection for use with the OnBase Unity Client, the same client connection can be used for OnBase Studio. Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation. Version compatibility with OnBase Foundation releases is documented in the Version section of that documentation.
The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.
| Setting | Value |
| --- | --- |
| Protocol Type | oidc |
| Redirect URLs | The URL of the Service.asmx page of the OnBase Application Server configured for use with the IdP authentication. This value must be all lowercase. |
| Allowed Grant Types | Authorization Code |
| Allowed Scopes | openid |
| Post Logout Redirect URLs | The same URL as the Redirect URLs value. This value must be all lowercase. |
| Pkce | Select Require PKCE |
| Secret | Do not select Client Secret must be present |
- After saving the client connection, copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.
Tip:
Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.
- Open the obstudio.exe.config file of OnBase Studio for editing in a plain-text editor. In a default installation, this file is located in the Studio directory at C:\Program Files (x86)\Hyland\.
- Locate the <IdP> element and uncomment the add element under New Hyland Idp.
- Update the values of the following attributes.

  | Attribute | Value |
  | --- | --- |
  | FriendlyName | A user-friendly name for this connection. This name is displayed in the Authentication \| Type drop-down list when the user is prompted for login credentials. |
  | IdpPath | The endpoint of the Hyland IdP server without the tenant. This value is case sensitive. For example, if your domain is my.domain, the Hyland IdP application name is identityprovider, and the environment is configured for secure connections, then the value is: https://my.domain/identityprovider |
  | Tenant | The name of the tenant on the Hyland IdP server. This value is case sensitive. |
  | ClientId | Paste the client ID value you copied from the Hyland IdP server into the value of the ClientId attribute. This is the unique ID of the client on the Hyland IdP server configured for use with OnBase Studio. This value is case sensitive and must match exactly the value on the Hyland IdP server. |
  | RedirectUri | The URL of the Service.asmx page of the OnBase Application Server. This value must be the same as the Redirect URL configured for the client connection on the Hyland IdP server. This value must be all lowercase. |
- If OnBase Studio is using a Local Data Source connection, do the following:
  - Locate the Hyland.Authentication element and uncomment the accessTokenValidation element under it.
  - Update the values of the following attributes.

    | Attribute | Value |
    | --- | --- |
    | idp | The endpoint of the Hyland IdP server without the tenant. This value is case sensitive and should match the IdpPath value. For example, if your domain is my.domain, the Hyland IdP application name is identityprovider, and the environment is configured for secure connections, then the value is: https://my.domain/identityprovider |
    | audience | The resources endpoint of the Hyland IdP server configured as the idp value. This value is case sensitive. For example, if your domain is my.domain, the Hyland IdP application name is identityprovider, and the environment is configured for secure connections, then the value is: https://my.domain/identityprovider/resources |
    | apiName | Paste the client ID value you copied from the Hyland IdP server into the value of the apiName attribute. This is the unique ID of the client on the Hyland IdP server configured for use with OnBase Studio. This value is case sensitive and should match the ClientId value. |
    | nameClaimType | The claim in the access token that contains the user name of the user logging in. The default value is username. |
- Save and close the obstudio.exe.config file.
The next time a user logs in, the configured Hyland IdP connection is available in the Authentication | Type drop-down list as the FriendlyName value. When the user selects that connection, the Hyland IdP is used to authenticate them.
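Before saving, the matching rules in the attribute tables above can be checked mechanically. The following Python sketch is an added example, not Hyland code: the nesting of the sample file, the sample values, and the function name are assumptions, and only the element and attribute names come from the steps above. The audience check follows the example given for that attribute (the idp value plus /resources).

```python
import xml.etree.ElementTree as ET

# Constructed sample; the nesting is an assumption, only the element and
# attribute names come from the steps above.
SAMPLE_CONFIG = """<configuration>
  <IdP>
    <!-- New Hyland Idp -->
    <add FriendlyName="Hyland IdP" IdpPath="https://my.domain/identityprovider"
         Tenant="tenant1" ClientId="studio-client-id"
         RedirectUri="https://my.domain/AppServer/Service.asmx" />
  </IdP>
  <Hyland.Authentication>
    <accessTokenValidation idp="https://my.domain/identityprovider/"
         audience="https://my.domain/identityprovider/resources"
         apiName="Studio-Client-Id" nameClaimType="username" />
  </Hyland.Authentication>
</configuration>"""


def check_studio_idp_config(xml_text, local_data_source=True):
    """Return a list of findings; an empty list means the checks passed."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    findings = []
    add = next((a for idp in root.iter("IdP") for a in idp.findall("add")), None)
    if add is None:
        return ["<IdP>: no active add element (still commented out?)"]
    for name in ("FriendlyName", "IdpPath", "Tenant", "ClientId", "RedirectUri"):
        if not add.get(name):
            findings.append(f"<IdP>/add: {name} is missing or empty")
    redirect = add.get("RedirectUri", "")
    if redirect != redirect.lower():
        findings.append("RedirectUri must be all lowercase")
    if not local_data_source:
        return findings
    atv = next((v for h in root.iter("Hyland.Authentication")
                for v in h.findall("accessTokenValidation")), None)
    if atv is None:
        return findings + ["accessTokenValidation is not active (still commented out?)"]
    # Case-sensitive, exact comparisons, as the attribute descriptions require.
    if atv.get("idp") != add.get("IdpPath"):
        findings.append("idp does not match IdpPath")
    if atv.get("apiName") != add.get("ClientId"):
        findings.append("apiName does not match ClientId")
    if atv.get("audience") != (atv.get("idp") or "").rstrip("/") + "/resources":
        findings.append("audience is not the resources endpoint of idp")
    return findings
```

Pass `local_data_source=False` when OnBase Studio does not use a Local Data Source connection, so the accessTokenValidation checks are skipped.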