Additional Information on Azure Integration

SOAP services support

WorkflowGen only supports requests to the SOAP API using classic authentication methods. If you still need to use this API, you have to perform some additional steps to configure it properly.

  1. Create a new separate WorkflowGen directory for the SOAP API users.

  2. Provision it with users and groups as needed.

  3. In the IIS Manager, enable the Basic authentication method for the ws application.

About session management

Azure Active Directory supports OpenID Connect Session Management, an extension draft standard, in addition to the core OpenID Connect standard. This standard defines the rules to handle SSO session of the provider from the client. An example use is that if a user logs out of their Azure AD session from any device, a regular web client will receive a message that enables it to remove the same user's local session. WorkflowGen supports this feature when activating delegated authentication with Azure AD.

Configurable options

This table lists all configurable options in WorkflowGen that you can use to customize your authentication experience; these are located in the WorkflowGen web.config file.

Option

Description

ApplicationSecurityAuthSessionTokenCookie

The name of the session cookie that is generated by the authentication module. Default: wfgen_token Note: This is useful when you have multiple instances of WorkflowGen running and you want to have access to both and be authenticated on both instances at the same time.

ApplicationSecurityAuthSessionTimeOut

The duration of the session in seconds. It defaults to the ID token expiration time received. Default: the exp value of the ID token

ApplicationSecurityAuthMobileSessionTimeOut

The duration of the session in seconds when requested from mobile devices on the token endpoint. Default: 7200 seconds

Current limitations

  • If the WorkflowGen User Portal or Administration Module is displayed without the main header menu, this feature will not work. For example, this scenario could happen when the portal home page or a request follow-up form is displayed inside an IFrame in an external solution.

  • The GraphiQL module (/wfgen/graphql) doesn't support session management when displayed in a browser.