Configuring Front Office Scanning to Use IdP Authentication

Integrating With Hyland IAM Services

Platform: OnBase
Product: Identity and Access Management Services
Release: Foundation 23.1
Note:

Front Office Scanning requires the OnBase Application Server to communicate with OnBase. You must also configure the Application Server to use IdP authentication. See Configuring the Application Server to Use IdP Authentication.

To configure Front Office Scanning to use the Hyland IdP server for authentication:

  1. Configure a client connection on the Hyland IdP server for Front Office Scanning to use.
    Tip:

    If you have already configured a client connection for use with Disconnected Scanning or Express Scanning, the same client connection can be used for Front Office Scanning. Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation. Version compatibility with OnBase Foundation releases is documented in the Version section of that documentation.

    The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.

    | Setting | Value |
    | --- | --- |
    | Protocol Type | oidc |
    | Redirect URLs | The URL of the Service.asmx page of the OnBase Application Server. This value must be all lowercase. For example, if your domain is my.domain, the OnBase Application Server application is named AppServer, and the environment is configured for secure connections, then the value is: https://my.domain/appserver/service.asmx |
    | Allowed Grant Types | Authorization Code |
    | Allowed Scopes | openid, onbaseapi, offline_access |
    | Allow clients to request a refresh token | This option must be selected. |
    | Post Logout Redirect URLs | This value does not need to be configured for Front Office Scanning. |
    | Pkce | Select Require PKCE |
    | Secret | Do not select Client Secret must be present |

  2. After saving the client connection, copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.
    Tip:

    Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.

  3. Open the XML configuration file used by Front Office Scanning in a plain-text editor.
    Note:

    These instructions assume that Front Office Scanning is already installed and functioning. For details on setting a configuration file for use with Front Office Scanning, see the Front Office Scanning module reference guide.

  4. Add the following attributes and values to the CommParams element.
    Note:

    Attribute names in XML are case sensitive.

    | Attribute | Value |
    | --- | --- |
    | IdpPath | The endpoint of the Hyland IdP server without the tenant. This value is case sensitive. For example, if your domain is my.domain, the Hyland IdP application name is identityprovider, and the environment is configured for secure connections, then the value is: https://my.domain/identityprovider |
    | IdpTenant | The name of the tenant on the Hyland IdP server. This value is case sensitive. |
    | IdpClientId | Paste the client ID value you copied from the Hyland IdP server into the value of the IdpClientId attribute. This is the unique ID of the client on the Hyland IdP server configured for use with Front Office Scanning. This value is case sensitive and must match exactly the value on the Hyland IdP server. |
    | IdpRedirectUri | The URL of the Service.asmx page of the OnBase Application Server. This value must be all lowercase and the same as the value configured in the Redirect URLs for the client connection on the Hyland IdP server. |

    For example, an unconfigured CommParams element with Hyland IdP authentication attributes added looks like this:

    <CommParams dbname="" url="" IdpPath="" IdpTenant="" IdpClientId="" IdpRedirectUri="">
  5. Save and close the configuration file.

When Front Office Scanning is launched with the configuration settings added, the Hyland IdP server is used for authentication.

Note:

If other login attributes are also configured, they are not respected when Hyland IdP authentication is configured.
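
The following pre-deployment check for the CommParams attributes described in the procedure above is an added example, not part of the Hyland documentation or product. The function name check_commparams, the Configuration root element, and all sample values are assumptions made for illustration, and the https check is an extra hardening check rather than a stated requirement.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REQUIRED = ("IdpPath", "IdpTenant", "IdpClientId", "IdpRedirectUri")

# Constructed sample: the root element name and all values are made up for illustration.
SAMPLE = """<Configuration>
  <CommParams dbname="OnBase" url="https://my.domain/appserver/service.asmx"
      IdpPath="https://my.domain/identityprovider/tenant1" IdpTenant="tenant1"
      idpclientid="constructed-client-id"
      IdpRedirectUri="https://my.domain/AppServer/Service.asmx" />
</Configuration>"""

def check_commparams(xml_text, idp_redirect_urls=()):
    """Return a list of findings for the CommParams element (empty list = OK)."""
    root = ET.fromstring(xml_text)
    elem = root if root.tag == "CommParams" else root.find(".//CommParams")
    if elem is None:
        return ["no CommParams element found"]
    attrs, findings = elem.attrib, []
    for name in REQUIRED:
        if not attrs.get(name):
            # Attribute names are case sensitive, so report near-misses explicitly.
            near = [a for a in attrs if a.lower() == name.lower() and a != name]
            hint = f" (found '{near[0]}', wrong case)" if near else ""
            findings.append(f"{name} missing or empty{hint}")
    redirect = attrs.get("IdpRedirectUri", "")
    if redirect:
        if redirect != redirect.lower():
            findings.append("IdpRedirectUri must be all lowercase")
        if not urlsplit(redirect).path.lower().endswith("/service.asmx"):
            findings.append("IdpRedirectUri is not the Service.asmx page")
        if idp_redirect_urls and redirect not in idp_redirect_urls:
            findings.append("IdpRedirectUri not among the IdP client's Redirect URLs")
    path, tenant = attrs.get("IdpPath", ""), attrs.get("IdpTenant", "")
    # Heuristic: IdpPath is the endpoint without the tenant, so it should not end with it.
    if path and tenant and urlsplit(path).path.rstrip("/").split("/")[-1] == tenant:
        findings.append("IdpPath must not include the tenant")
    for name in ("IdpPath", "IdpRedirectUri"):
        # Added hardening check, not a requirement stated in the procedure.
        if attrs.get(name) and urlsplit(attrs[name]).scheme != "https":
            findings.append(f"{name} does not use https")
    return findings

if __name__ == "__main__":
    for finding in check_commparams(SAMPLE, ["https://my.domain/appserver/service.asmx"]):
        print("FINDING:", finding)
```

Pass the Redirect URLs configured on the IdP client as the second argument so that the exact-match requirement between the two sides is checked as well.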