#dominoforever | Product Ideas Portal

 

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Support for Azure Hybrid Join Conditional Access Policies

Our corporation requires hybrid joined devices (devices are registered in both Azure AD and AD). This is native functionality in Windows 10, and is supported with the installation of an additional agent in down-level Windows devices.

We leverage conditional access policies for our Azure authentication, to ensure that all users are coming from devices which we manage. Authentications done through the Edge browser are able to access the Hybrid Join token, and pass the conditional access policy.

Google Chrome does not support this natively and requires an add-in to function.

It appears that that Xulrunner browser that the Notes client uses for the Azure authentication process is also unable to natively access this information. The error in Azure indicates that no information regarding device details were available. When disabling the policy, SAML login functions as expected.

Unfortunately, this makes it impossible for us to adopt SAML login, since we would have to exempt Notes from our security policies.

Is this something we could have added?

https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid

https://chrome.google.com/webstore/detail/windows-10-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jun 4 2020
  • Needs review
  • Attach files