Skip to main content

Updated

 

Please refer to this KB article  https://support.nintex.com/Mobile/Other/How_to_expose_Nintex_Mobile_through_your_firewall 

Last week I was at the Nintex InspireX conference in Las Vegas, and I have to say that it was one of the better conferences I've attended in the last 9 or so years, since jumping ship from being a Lotus Domino guy to a SharePoint Guy. Now I'm not being bias being a Nintex employee, or because I was a speaker. As we were treated no differently than anyone else. It was the experience of everyone being open, and the accessibility of customers and partners for frank discussions. The feedback was constructive, which I truly appreciated, and I thank you all that attended that spoke with me and or any of my colleagues.. There were some golden nuggets of information I took away.

 

One of these items was something I saw as soon as myself and Tim Walwyn presented the Nintex Mobile session on the first day. A lot of people approached me during the conference, and stated "We love what Nintex Mobile can do and we really, really want to use it. But we can't use Nintex Live for authentication, and we can't access SharePoint from the internet"

 

Over and over I was being told this or slight variants of.

 

The different login types are: (Detailed)

Auth type Usage Information needed to sign in
Microsoft SharePoint server (supported for Nintex Forms 2013 and Nintex Forms 2010 only)

Credentials: Microsoft account that is registered with Nintex Live.

SharePoint URL.

Optional: Domain.

Office 365 Office 365 environment

Credentials: One of the following account types.

  • Office 365 account
  • Organizational account (requires Active Directory Federation Services (ADFS) authentication with Microsoft NT LAN manager (NTLM))

SharePoint

On-premises SharePoint server

Credentials: Corporate network account.

Tenancy URL.

 

Where things get a little confusing is for the type 'Microsoft'. This scenario normally means that your SharePoint farm isn't exposed to the outside world. This is OK, and it is fairly common. The easiest way for Nintex to address this was to provide a middle tier to handle this use case. Enter Nintex Live and a Microsoft Account. Now would allowing more Auth providers solve the issue of not having a MS account for this to work ? Probably not. The IT departments of the world don't want to have a bar of it.

 

So the question remains, how can we connect to Nintex Mobile which is out in the big wide world, to our SharePoint servers for authentication which are contained within the corporate firewall.?

This may not solve all disagreements with IT, but hopefully this will resolve some of the blockers with the IT Admins. For the 2 examples below, the Nintex Live component / Microsoft account are not needed.

 

  • Tunnel
    • Expose the Ports 80/443 (Hopefully your doing everything over 443 happy.png ) through your firewall, with a rule that is specific to this internal URL:
    • This would mean the rest of the farm is safe behind the firewall
    • Configuring your proxy/gateway (e.g. Cisco / Sophos / Sonicwall / Barracuda etc ) server / hardware to allow this service URL through. The proxy/gateway server / hardware will also need to be configured to allow pass through authentication.
    • This will allow Nintex Mobile to pass through your corporate credentials to Authentication and interact with SharePoint.
  • VPN
    • The mobile device would need to be configured to connect to the corporate VPN.  Once the VPN is connected, Nintex Mobile will be able to authenticate and talk to the SP environment.

 

I hope this opens up a couple more ways in which you can get Nintex Mobile in to the mix within your organisation. If there are other ways you believe we could do, let us know on the uservoice website here

 

Until next time..  Happy Nintexing

Dan Stoll this is really useful information. i had the same questions in mind and was trying to find the answers. I think the solutions you provided will make greater sense as more and more people / companies started realizing benefits of Nintex Mobile.


Hi Dan

Thank you for the above, very useful and working nicely except for the following.

We have done as suggested and opened the following to the internet:

Currently trying to use a date time validation which does not work (no matter what validation method I try), is there another piece that you are ware of that requires to be internet facing as well?

Thanks

Rob 


Hi Nintex,

What does I am suppose to do for below step as sharepoint Admin....

  • Configuring your proxy/gateway (e.g. Cisco / Sophos / Sonicwall / Barracuda etc ) server / hardware to allow this service URL through. The proxy/gateway server / hardware will also need to be configured to allow pass through authentication.

Hi Hermant

You will need your infrastructure team (or whoever looks after your firewall and netscalers etc) to take care of this.

They will need to be the ones to handle this, not the SharePoint Administrator.

Thanks

Rob


Thanks


Reply