Nintex mobile and firewall

  • 18 December 2015
  • 15 replies
  • 22 views

Badge +5

How do you setup Nintex Mobile to work externally when your internet connection  goes through a firewall. We have published our intranet out to the internet but when we go to that page our firewall prompts us for our username and password. By entering the credentials into the Nintex Mobile application does this pass the details onto the firewall security as well? I have tried searching community site for setup / security details but haven't had any luck.

Any assistance greatly appreciated.


15 replies

Userlevel 7
Badge +17

Using Mobile, you will want to have users log into the site directly. So if a user is remote, and they try to access the url, if they are prompted by the Firewall before IIS/sharepoint, then this will be an issue. Maybe a proxy will be required in that scenario if it is in a DMZ, or allow the firewall to pass the user to the server.

Userlevel 6
Badge +12

Stephen, do you know if you have enabled Nintex Live?  If you have, you may be able to authenticate using Microsoft federation.  Easy to test:

  • Have a Microsoft account (outlook.com/live.com/Hotmail) you can use
  • Inside your intranet, click on your name | Nintex mobile apps | Register with Nintex live
  • Enter your Microsoft account details
  • Hopefully it says you registered correctly
  • Then try logging in on Nintex mobile using the Microsoft option

HTH

Badge +5

Thanks Chris, that did work. But to allow our employees to do this we don't really want to have to set them up with Microsoft accounts as well. Is there any information about setting this up without a VPN but allowing access via a firewall?

Userlevel 7
Badge +11

Nintex Mobile currently supports the following methods for communicating to the corporate SharePoint farm, using corporate credentials.

  1. Direct connectivity (if the SP farm is available through the Internet)
  2. Exposing the Ports 80/443 through your firewall, with a rule that is specific to a url
    1. http://[sharepointurl]/_vti_bin/NintexFormsServices/NfMobileAppService.svc
    2. This would mean the rest of the farm is safe behind the firewall
  3. Configuring proxy software allow these connections, but in this case, the proxy server will also need to be configured to pass through authentication.
  4. VPN
    1. In this case, the mobile device would need to be configured to connect to a VPN.  Then, the Nintex Mobile app will be able to authenticate and talk to the SP environment.
Userlevel 7
Badge +17

Stephen, Dan provides some great information on the authentication. Were you able to resolve your problems?

Badge +4

Hi @stephen,

Is your firewall configured to do Form Based Authentication?

It yes, we unfortunately dont support it yet. However you could use Dan's suggestion.

Cheers,

Userlevel 3
Badge +8

Hi there, I have a few more questions on accessing live forms. When I publish a form to live, the link it gives me directs me to a sign on screen with only personal account login options. Where's the office 365 link in this list of options?

Is there a setting on our side were we have to specify that this is for business use as well to make the office 365 option appear?

The mobile app gives us the 365 option, just not seeing it when accessing via desktop.

197455_pastedImage_1.png

197495_pastedImage_2.png

Thank you

Kassie

Userlevel 7
Badge +17

Forms Auth is now supported as of

Android: 4.2.1

iOS: 4.2.3

Windows: 4.2

Windows Phone: 4.2

 

Release Date: 27th July 2016

Feature (Windows & Windows Phone)

    • Introduction of user profile with multiple account sign in
    • Introduction of user PIN
    • Added support for Forms Based Authentication (FBA)
Userlevel 7
Badge +17

Good question Kassie, but the Live forms will be for a different use per say. Wouldn't you want your internal users to access the form directly? The Live forms gives non employee auth access to forms published outside your network, and also Anonymous options.

But you could potentially use Live to authenticate to Nintex Mobile via a Microsoft account

Userlevel 7
Badge +17

Do you still have this issue ‌?

Userlevel 3
Badge +8

True, I do want internal users to access the form directly. I think my admins would like me to test through this channel while on our network rather than log in in my personal cell. Also, we probably won't make our forms available for anonymous users but we would like our employees to be able to access the form easily on their personal devices using their 365 login.

When I have tried to log on with my cell, I am not certain what my account URL is, for the authentication step when logging in with 365. Where do I find that? Is that something my admin can provide? Where does he find this?

When I accessed the forms on mobile while on our network, I put in the URL for our farm. I try that now and I get a server error. "The server you are trying to connect to is unavailable"

What do we need to set up? I'm not familiar with anything on the server side and the people who are familiar need help in knowing how to set this up using 365 login so we can login with our federated accounts. 

I've sent them links to posts on here with no luck. 

Thanks

Kassie

Userlevel 6
Badge +12

Hi Kassie, check out the Signing in with Office 365 account section in this document.  That will give you some URL formats to try.  Most of the time you should be able to use your o365 tenant as that will give you access to all forms.  i.e. https://yourTenantName.sharepoint.com

Also please check that you haven't published your form to your personal area of SharePoint as it won't be rendered in Nintex Mobile.  You can tell if you're in your personal area if you have my.sharepoint.com in the URL.

Cheers,

Chris

Userlevel 3
Badge +8

Are you saying that we have to be on SharePoint Online to use the 365 sign on option?

We are currently on prem.

Thanks

Kassie

Badge +11

‌, did any of these solutions solve your problem? If so, can you mark it correct so it any other users who have the same question can find the solution.

Thanks,

Lisa

Userlevel 6
Badge +12

Ah.  If you're using on-prem then you'll need to use a different method.  The o365 sign-in option is only for use when you want to sign into SharePoint online.

What do you mean by "365 login"?  Are they your "usual" corporate credentials?  e.g. from Active Directory?  If so you'll need to make sure the network the mobile phones are on is allowed to talk to your SharePoint server.  If you're connecting via your corporate WiFi then it probably is.  If you're connecting via your mobile provider or outside the organisation then it probably isn't.  That's when you'd need to make firewall changes or use a VPN.  Check out this post for more information.

Cheers,

Chris

Reply