cancel
Showing results for 
Search instead for 
Did you mean: 

Authentication Method on IIS

SandeepSatish
Level 5

Hello ,

I am looking to set up additional authentication in IIS layer for decipher web client as below.

  1. Restrict access to only certain AD group. 

  2. Request users to enter their AD username & password before Decipher web client login page loads.

Is there a documentation around it from Blueprism ? Or has anyone implemented this and faced any challenges.



------------------------------
Sandeep Satish
Asia/Kolkata
------------------------------
4 REPLIES 4

BenLyons
Staff
Staff

Hi Sandeep,

This isn't a direct answer to your question, however Decipher 2.2 is targeted to support AD integration via SAML authentication. This may help resolve your challenge here.

This is targeted to be released in Q1 2023 and is currently in our pre-release test phase.

Regards



------------------------------
Ben Lyons
Senior Product Specialist - Decipher
Blue Prism
UK based
------------------------------
Ben Lyons Senior Product Specialist - Decipher SS&C Blue Prism UK based

Hi Ben,
I want to explore this in parallel to tighten the security, and later upgrade to 2.2 . I am hoping this would work for us in the interim .


LukasRamasauska
Level 5

Hi, Satish,

It is possible to set a list of users in IIS, who can access the Decipher's Web-page in general. So if somebody shares their credentials, but person is not "whitelisted" in IIS, person can't reach login page and that's good.

We managed to get this layer of security by enabling Windows Authentication in IIS for Decipher, and by creating a rule who can access it. The biggest inconvenience is that users have to be listed in one line, and AD group not possible to add (at least we haven't found a way yet).




------------------------------
Lukas Ramasauskas
RPA Software Engineer / Robotic Solutions Architect
Swedbank AB
Europe/Vilnius
------------------------------

Hi Lucas ,
Thanks for your response. I did find a way to set this up.

1. Enable windows authentication with "Negotiate"
2. Enable URL authentication and add AD group as part of Allow group. Only the users who are part of the AD group are allowed to reach the login page.

This seems to be working. 



------------------------------
Sandeep Satish
Asia/Kolkata
------------------------------