Expand my Community achievements bar.

SSO Increased Security when using iFrame (Outlook 365 plugin)

Avatar

Level 9

7/3/18

The What:

"Once data is opened in an iframe, we have no control of what is done within the iframe. Also data can be read right from the form since it's the parent iframe. Is there a reason we need to use an iframe in the plugin?"

Use Case:

In our instance when the O365 plug in is used with SSO login, our users typically don't see the options normally presented post SSO login, just a blank screen or an iframe error. As our Security department is seeing that WF doesn't fully encrypt the SSO data during login.

The Why: in our instance we have more users who would benefit from using the plugin, in fact one whole dept can't be brought in due to this limitation.

5 Comments

Avatar

Level 5

7/3/18

It will be addressed in our 3rd release of this year - by the end of October. We may push it to production sooner, though. If you could send me (haykfalakyan@workfront.com) more details about the issue you are experiencing, I'll make sure to include it in our planning.

Avatar

Level 5

10/9/18

With the last update of the Outlook add-in, the SSO login page does not load inside the add-in (iframe) anymore, we have removed that. It's opened in a separate page or popup.