dan.stoll

Break on through the firewall for Nintex Mobile

Blog Post created by dan.stoll Employee on Mar 7, 2016


Last week I was at the Nintex InspireX conference in Las Vegas, and I have to say that it was one of the better conferences I've attended in the last 9 or so years, since jumping ship from being a Lotus Domino guy to a SharePoint guy. Now, I'm not being biased because I'm a Nintex employee or because I was a speaker, as we were treated no differently than anyone else. It was the experience of everyone being open, and the accessibility of customers and partners for frank discussions. The feedback was constructive, which I truly appreciated, and I thank all of you who attended and spoke with me and/or any of my colleagues. There were some golden nuggets of information I took away.

 

One of these items was something I saw as soon as Tim Walwyn and I presented the Nintex Mobile session on the first day. A lot of people approached me during the conference and stated, "We love what Nintex Mobile can do and we really, really want to use it. But we can't use Nintex Live for authentication, and we can't access SharePoint from the internet."

 

Over and over I was being told this, or slight variants of it.

 

The different login types are: (Detailed)

| Auth type | Usage | Information needed to sign in |
| --- | --- | --- |
| Microsoft | SharePoint server (supported for Nintex Forms 2013 and Nintex Forms 2010 only) | Credentials: Microsoft account that is registered with Nintex Live. SharePoint URL. Optional: Domain. |
| Office 365 | Office 365 environment | Credentials: One of the following account types: Office 365 account, or Organizational account (requires Active Directory Federation Services (ADFS) authentication with Microsoft NT LAN Manager (NTLM)). |
| SharePoint | On-premises SharePoint server | Credentials: Corporate network account. Tenancy URL. |

 

Where things get a little confusing is the 'Microsoft' type. This scenario normally means that your SharePoint farm isn't exposed to the outside world. This is OK, and it is fairly common. The easiest way for Nintex to address this was to provide a middle tier to handle this use case. Enter Nintex Live and a Microsoft account. Now, would allowing more auth providers solve the issue of not having an MS account for this to work? Probably not. The IT departments of the world don't want to have a bar of it.

 

So the question remains: how can we connect Nintex Mobile, which is out in the big wide world, to our SharePoint servers, which are contained within the corporate firewall, for authentication?

This may not solve all disagreements with IT, but hopefully this will resolve some of the blockers with the IT Admins. For the 2 examples below, the Nintex Live component / Microsoft account are not needed.

 

  • Tunnel
    • Expose ports 80/443 (hopefully you're doing everything over 443) through your firewall, with a rule that is specific to this internal URL:
    • This would mean the rest of the farm is safe behind the firewall.
    • Configure your proxy/gateway server or hardware (e.g. Cisco, Sophos, SonicWall, Barracuda) to allow this service URL through. The proxy/gateway server or hardware will also need to be configured to allow pass-through authentication.
    • This will allow Nintex Mobile to pass your corporate credentials through for authentication and interact with SharePoint.
  • VPN
    • The mobile device would need to be configured to connect to the corporate VPN.  Once the VPN is connected, Nintex Mobile will be able to authenticate and talk to the SP environment.

 

I hope this opens up a couple more ways in which you can get Nintex Mobile into the mix within your organisation. If there are other ways you believe we could do this, let us know on the UserVoice website here

 

Until next time... Happy Nintexing
