
Authentication Method on IIS

SandeepSatish
Level 5

Hello,

I am looking to set up additional authentication in the IIS layer for the Decipher web client as below.

  1. Restrict access to only a certain AD group.

  2. Request users to enter their AD username & password before the Decipher web client login page loads.

Is there any documentation around it from Blue Prism? Or has anyone implemented this and faced any challenges?



------------------------------
Sandeep Satish
Asia/Kolkata
------------------------------

Ben.Lyons1
Staff

Hi Sandeep,

This isn't a direct answer to your question, however Decipher 2.2 is targeted to support AD integration via SAML authentication. This may help resolve your challenge here.

This is targeted to be released in Q1 2023 and is currently in our pre-release test phase.

Regards



------------------------------
Ben Lyons
Senior Product Specialist - Decipher
Blue Prism
UK based
------------------------------
Ben Lyons
Principal Product Specialist - Decipher
SS&C Blue Prism
UK based

Hi Ben,
I want to explore this in parallel to tighten the security, and later upgrade to 2.2. I am hoping this would work for us in the interim.


Hi, Satish,

It is possible to set a list of users in IIS who can access the Decipher web page in general. So if somebody shares their credentials, but the person is not "whitelisted" in IIS, the person can't reach the login page, and that's good.

We managed to get this layer of security by enabling Windows Authentication in IIS for Decipher, and by creating a rule for who can access it. The biggest inconvenience is that users have to be listed in one line, and an AD group is not possible to add (at least we haven't found a way yet).




------------------------------
Lukas Ramasauskas
RPA Software Engineer / Robotic Solutions Architect
Swedbank AB
Europe/Vilnius
------------------------------

Hi Lukas,
Thanks for your response. I did find a way to set this up.

1. Enable Windows Authentication with "Negotiate"
2. Enable URL authentication and add the AD group as part of the Allow group. Only the users who are part of the AD group are allowed to reach the login page.

This seems to be working.



------------------------------
Sandeep Satish
Asia/Kolkata
------------------------------
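
The two steps from the last post, scripted with the IIS WebAdministration module, as an added example that is not from any poster in this thread or from Blue Prism. The site name and AD group are placeholders, and step 2 is mapped to the IIS URL Authorization feature as an assumption; the rules are written to applicationHost.config under a location tag so the application's own web.config is left untouched.

```powershell
# Added example. $Site and $Group are placeholders, not values from the thread.
Import-Module WebAdministration

$Site  = 'Decipher Web Client'       # assumption: your IIS site name
$Group = 'EXAMPLE\Decipher-Users'    # assumption: your AD group
$Root  = 'MACHINE/WEBROOT/APPHOST'   # write to applicationHost.config
$WinAuth = 'system.webServer/security/authentication/windowsAuthentication'
$Authz   = 'system.webServer/security/authorization'

# Both role services must be installed (Windows Server). Without the
# URL Authorization module the allow rule below is never evaluated.
Install-WindowsFeature Web-Windows-Auth, Web-Url-Auth | Out-Null

# Step 1: enable Windows Authentication for the site.
Set-WebConfigurationProperty -PSPath $Root -Location $Site `
    -Filter $WinAuth -Name enabled -Value $true

# Make sure Negotiate is in the provider list (it is by default).
$providers = (Get-WebConfiguration -PSPath $Root -Location $Site `
    -Filter "$WinAuth/providers/add").value
if ($providers -notcontains 'Negotiate') {
    Add-WebConfigurationProperty -PSPath $Root -Location $Site `
        -Filter "$WinAuth/providers" -Name '.' -Value @{ value = 'Negotiate' }
}

# Step 2: drop the inherited "allow all users" rule, then allow only the group.
Remove-WebConfigurationProperty -PSPath $Root -Location $Site `
    -Filter $Authz -Name '.' `
    -AtElement @{ users = '*'; roles = ''; verbs = '' } `
    -ErrorAction SilentlyContinue
Add-WebConfigurationProperty -PSPath $Root -Location $Site `
    -Filter $Authz -Name '.' -Value @{ accessType = 'Allow'; roles = $Group }

# Review the result: expect a single Allow rule naming the group.
Get-WebConfiguration -PSPath $Root -Location $Site -Filter "$Authz/add" |
    Select-Object accessType, users, roles
```

Run it from an elevated PowerShell session on the IIS host, then confirm from an account outside the group that the request is refused with a 401 before the login page is served.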