Operator default connection zone when created through Federated login

IainOllerenshaw

08-12-2020

First post, hope to be one of many!

We have deployed Federated Authentication in Adobe Campaign Classic v7, using our Azure AD platform. It's working well.

One problem we have is that when a new user logs in for the first time, having been set up in our Adobe Admin Console, the operator that's created is defaulted to the "Private" connectivity zone. Generally this would be fine but, like many organisations, we have a large number of users working from home and they have dynamic IPs allocated by their ISPs. We can, of course, "Allow List" them, let them log in, and then update the operator to set it into the "Public" connectivity zone, but it's a bit of a faff and we've had a few users' dynamic IPs change by the time we've got around to setting them up and getting them logged in.

Anyone out there using Federated logins with Campaign Classic, and found a way to amend operator defaults?

Thanks!

Darren_Bowers
MVP

09-12-2020

Hi @IainOllerenshaw - we use Federated logins and you don't have a lot of choice - you either get a management nightmare whitelisting all the home IPs or you open your instance up to the world. Whitelisting is required by Adobe-hosted Campaign instances as they do not allow public access and require you to whitelist all IPs within the Control Panel.

One practical way to do this is by using a corporate VPN with split tunneling. This means that the VPN can be configured so the traffic for Campaign goes down the VPN and all other traffic uses the normal home WAN connection. This frees up traffic on the VPN so it doesn't bottleneck while everyone watches YouTube while working from home.

The VPN traffic emerges as a single IP or block of IP addresses that you can then easily whitelist on the server or in Control Panel. It's a bit tricky because you need to capture all the IMS domains used by Campaign as well as any potential image hosting locations in the VPN PAC file. But once you set this up, as long as the user is connected to the VPN they can then access Campaign with your global whitelist in place.

If there are only a few users, then you can probably just configure a VPN without split-tunneling but all user traffic will go through it so you would need a fairly robust VPN setup with plenty of bandwidth.

Cheers

Darren
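
The PAC routing described in the reply above, as an added example (not code from the thread or from Adobe). It assumes an explicit proxy that is reachable only over the VPN; the hostnames and proxy address are placeholders to replace with your own Campaign, IMS and image hosting domains.

```javascript
// Placeholders (constructed for this example): replace with your Campaign
// instance host, the IMS login domains it uses, and image hosting locations.
var VPN_SUFFIXES = [
  "campaign.example.com", // Campaign instance (placeholder)
  "ims.example.net",      // IMS / federated login domains (placeholder)
  "images.example.org"    // image hosting (placeholder)
];
// Proxy reachable only over the VPN; its egress IP is the one you allow-list.
var VPN_PROXY = "PROXY proxy.corp.example:8080"; // placeholder address

// True when host equals suffix or is a subdomain of it. Matching on a label
// boundary keeps "notcampaign.example.com" and
// "campaign.example.com.other.test" off the allow-listed route.
function hostMatches(host, suffix) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  if (host === suffix) return true;
  var tail = "." + suffix;
  var at = host.length - tail.length;
  return at > 0 && host.indexOf(tail, at) === at;
}

// Standard PAC entry point, called by the browser for every request.
function FindProxyForURL(url, host) {
  for (var i = 0; i < VPN_SUFFIXES.length; i++) {
    if (hostMatches(host, VPN_SUFFIXES[i])) {
      // No "; DIRECT" fallback: with the VPN down the request fails instead
      // of reaching Campaign from the home IP that is not allow-listed.
      return VPN_PROXY;
    }
  }
  return "DIRECT"; // everything else uses the normal home connection
}
```

Missing a domain from the list shows up as a failed login or broken images rather than a security problem, since that traffic simply arrives from an address the allow list rejects.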