Configuring the Unity Client, MRM Unity Client, and Office Business Application for AD FS - Legacy Authentication Methods - Foundation 23.1 - OnBase

Legacy Authentication Methods

Platform: OnBase
Product: Legacy Authentication Methods
Release: Foundation 23.1
License: Premier, Standard, Essential

CAUTION:

When using the Click-Once Installer, AD FS must be configured before signing the deployment. Any custom changes to the client configuration file must be made before clicking Next at the Deployment Signing dialog box. If you are running the Click-Once Installer in Advanced Mode, you still have the option to edit files in the deployment folder at the File Edit Notification dialog box that is displayed after the Deployment Signing dialog box.

In order to configure the Unity Client, Medical Records Unity Client, or Office Business Application add-ins to use AD FS Authentication, you must first set up the Application Server to use AD FS.

After the Application Server has been configured for AD FS Authentication, the following steps must be completed to configure the Unity Client, Medical Records Unity Client, or Office Business Application add-ins to use AD FS Authentication:

  1. Open the configuration file for the Unity Client, Medical Records Unity Client, or Office Business Application add-in.
  2. In the configSections node, ensure the Hyland.Authentication section is uncommented.
    <section name="Hyland.Authentication" type="Hyland.Authentication.Configuration.AuthenticationConfigurationSection, Hyland.Authentication" />
  3. In the ServiceLocations element, update the following attributes to these values:

    UseNTAuthentication="false"

    UseADFS="true"

  4. Uncomment the system.web and Hyland.Authentication elements at the end of the configuration file.
  5. Locate the adfsEndpointAddress element and update its value to the URL for your AD FS Server Endpoint.
  6. Locate the appliesTo element and update its value to match the audienceUris value in the web.config file of the Application Server.

    If the Unity Client, Medical Records Unity Client, or Office Business Application add-in needs to authenticate via an AD FS proxy server that is not joined to the domain, the following additional steps are necessary:

  7. In the Unity Client, Medical Records Unity Client, or Office Business Application add-in configuration file, locate the Hyland.Authentication element.
  8. Set the forceNTLM attribute in the wsTrust child element to true.
  9. Make sure the trustVersion is set to WSTrustFeb2005.
  10. Make sure the adfsEndpointAddress reflects the address of the WSTrustFeb2005 endpoint. For example, https://My-ADFS-Server/adfs/services/trust/2005/windowstransport
  11. Make sure that the AD FS server is correctly configured to use NTLM. The following settings should have the following values:
    • ExtendedProtectionTokenCheck: none

    • NTLMOnlySupportedClientAtProxy: true

    Tip:

    For details on updating AD FS server and proxy settings, see the Set-ADFSProperties page of the AD FS Cmdlets area on Microsoft TechNet.
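
An added example, not part of the Hyland documentation: a check of the client configuration file against steps 2 through 10 above, meant to be run before the deployment is signed. The sample file's nesting, the value="" attribute form, the appserver.example URL, and the https and /trust/2005/ path checks are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the nesting and value="" form are assumptions, not the shipped file.
SAMPLE = """<configuration>
  <configSections>
    <section name="Hyland.Authentication" type="Hyland.Authentication.Configuration.AuthenticationConfigurationSection, Hyland.Authentication" />
  </configSections>
  <ServiceLocations UseNTAuthentication="false" UseADFS="true" />
  <system.web />
  <Hyland.Authentication>
    <wsTrust forceNTLM="true" trustVersion="WSTrustFeb2005" />
    <adfsEndpointAddress value="https://My-ADFS-Server/adfs/services/trust/2005/windowstransport" />
    <appliesTo value="https://appserver.example/AppServer/" />
  </Hyland.Authentication>
</configuration>"""

def lookup(root, name):
    """Return a setting whether it is stored as an attribute or as an element."""
    for el in root.iter():
        if el.tag == name:
            return (el.get("value") or el.text or "").strip()
        if name in el.attrib:
            return el.attrib[name].strip()
    return None

def check_client_config(xml_text, audience_uri):
    """Return a list of findings; an empty list means steps 2-10 check out."""
    root = ET.fromstring(xml_text)  # commented-out nodes are dropped by the parser
    findings = []
    if not any(s.get("name") == "Hyland.Authentication" for s in root.iter("section")):
        findings.append("Hyland.Authentication section not declared in configSections")
    for tag in ("system.web", "Hyland.Authentication"):
        if next(root.iter(tag), None) is None:
            findings.append(f"{tag} element is missing or still commented out")
    for attr, want in (("UseNTAuthentication", "false"), ("UseADFS", "true")):
        if (lookup(root, attr) or "").lower() != want:
            findings.append(f"ServiceLocations {attr} must be {want}")
    endpoint = urlsplit(lookup(root, "adfsEndpointAddress") or "")
    if endpoint.scheme != "https" or not endpoint.hostname:
        findings.append("adfsEndpointAddress is not an https URL")
    if lookup(root, "appliesTo") != audience_uri:
        findings.append("appliesTo does not match the Application Server audienceUris")
    if (lookup(root, "forceNTLM") or "").lower() == "true":  # proxy case, steps 7-10
        if lookup(root, "trustVersion") != "WSTrustFeb2005":
            findings.append("forceNTLM is set but trustVersion is not WSTrustFeb2005")
        if "/trust/2005/" not in endpoint.path:
            findings.append("forceNTLM is set but adfsEndpointAddress is not a 2005 endpoint")
    return findings
```

Pass the text of the real configuration file and the audienceUris value copied from the Application Server web.config; an empty list means nothing was flagged.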