SSO Increased Security when using iFrame (Outlook 365 plugin) | Community
Skip to main content
J
JohnSe1
Level 6
July 3, 2018
New

SSO Increased Security when using iFrame (Outlook 365 plugin)

  • July 3, 2018
  • 5 replies
  • 789 views

The What:

"Once data is opened in an iframe, we have no control of what is done within the iframe. Also data can be read right from the form since it's the parent iframe. Is there a reason we need to use an iframe in the plugin?"

Use Case:

In our instance when the O365 plug in is used with SSO login, our users typically don't see the options normally presented post SSO login, just a blank screen or an iframe error. As our Security department is seeing that WF doesn't fully encrypt the SSO data during login.

The Why: in our instance we have more users who would benefit from using the plugin, in fact one whole dept can't be brought in due to this limitation.

    5 replies

    F
    feleqyan
    Level 4
    July 3, 2018

    Thanks for bringing this up, John! This is a known issue, we have a planned fix on our roadmap.

    J
    JohnSe1Author
    Level 6
    July 3, 2018

    Hayk - good to see you again! Do you have an idea of timeline on this, especially being a security concern?

    F
    feleqyan
    Level 4
    July 3, 2018

    It will be addressed in our 3rd release of this year - by the end of October. We may push it to production sooner, though. If you could send me (haykfalakyan@workfront.com) more details about the issue you are experiencing, I'll make sure to include it in our planning.

    J
    jason.carter
    September 28, 2018

    Was this issue addressed in November 18.3 plans? This was last addressed in July. Please advise. thank you!

    F
    feleqyan
    Level 4
    October 9, 2018

    With the last update of the Outlook add-in, the SSO login page does not load inside the add-in (iframe) anymore, we have removed that. It's opened in a separate page or popup.

    Terms & ConditionsAccessibility statement

    Loading footer...