Modern authentication

Modern authentication

To use modern authentication in your eCopy ShareScan connectors, email watchers and notification service, you need to perform a configuration process that combines tasks in the Token Vault tool as well as in the eCopy ShareScan Administration Console and third-party interfaces.

It is a complex process therefore it is advised that you familiarize yourself with the high-level view as well as individual configuration tasks.

Overview

  1. Ensure that you have Token Vault installed along with eCopy ShareScan. (Verify if you must install the two programs on different servers - this depends on your deployment scenario).
  2. Configure the Token Vault application.
  3. As the use of modern authentication requires active end-user participation (in the authorization step on the Token Vault Available authorization providers page) it is a best practice to clearly communicate this task and set expectations - especially if an end-user tries to use connectors with modern authentication and fails. To provide guidance in such situations ensure that you configure the ShareScan Notification service and turn it on for
    • NetDocuments connector profiles
    • Exchange connector profiles configured with Exchange Online and modern authentication
    • SharePoint connector profiles configured with SharePoint Online and modern authentication
    • iManage Worksite connector profiles configured with iManage Cloud or iManage Work 10.3 or later and REST API protocol (modern authentication (OAuth2)
    • SMTP via LDAP connector profiles configured with Google's Gmail SMTP server
    so that ShareScan can send a notification email to the user with instructions on the necessary actions. This email contains the Token Vault URL, where the authorization steps should be performed by users.
    As access tokens might expire during extended idle periods for the connector, end-users may need to perform the authorization steps again at a later time.

Tasks to complete to use Modern Authentication in an Exchange, a Fax via Exchange or a SharePoint eCopy connector

  1. Go to the Microsoft Identity Platform (Azure Active Directory) admin center associated with your Microsoft 365 subscription, and register a Microsoft 365 application for Token Vault.

    This step enables Token Vault to get authentication tokens for applications - such as eCopy ShareScan connectors.

  2. Log in to Token Vault as an administrator, select the Manage authorization providers page, and register a new Authorization Provider for Microsoft 365 cloud provider.

    In this step, Token Vault generates an Authorization Provider ID that you will need to use when configuring your workflow in the eCopy Administration Console.

  3. Enable the new Authorization Provider, and then authorize it on the Available authorization providers page.
  4. Launch the ShareScan Administration Console, go to Tools and specify Token Vault Settings (using the Authorization Provider ID that Token Vault generated previously).
  5. Still in the Administration Console, enable Modern authentication for your Exchange, or Fax via Exchange connector via the setting Use Exchange Online with modern authentication or SharePoint connector via the setting Enable modern authentication and configure accordingly.

    At this point, you are ready to invite your end-users to carry out their own authorization step through Token Vault. Once this end-user authorization step is complete, the use of modern authentication in the supported connectors is operational.

Tasks to complete to use a NetDocuments connector

  1. Go to the NetDocuments portal, and register an application for Token Vault.

    This step enables Token Vault to get authentication tokens for applications - such as eCopy ShareScan connectors.

  2. Log in to Token Vault as an administrator, and register a new Authorization Provider for NetDocuments cloud provider.

    In this step, Token Vault generates an Authorization Provider ID that you need to use while you are configuring Token Vault through the eCopy Administration Console.

  3. Enable the new Authorization Provider, and then authorize it on the Available authorization providers page.
  4. Launch the ShareScan Administration Console, go to Tools and specify Token Vault Settings (using the Authorization Provider ID that Token Vault generated previously).
  5. Still in the Administration Console, configure your NetDocuments connector.

    (In the NetDocuments connector, modern authentication is the only available authentication method).

    At this point, you are ready to invite your end-users to carry out their own authorization step through Token Vault. Once this end-user authorization step is complete, the use of modern authentication in the supported connectors is operational.

Tasks to complete to use Modern Authentication in an iManage Worksite connector

  1. Contact Kofax Support using your regular method to open an escalation with the title "cloudimanage.com Token Vault iManage Application registration" in case of an iManage Cloud server on cloudimanage.com, or go to the iManage Control Center and register an application for Token Vault.

    This step enables Token Vault to get authentication tokens for applications.

  2. Log in to Token Vault as an administrator, and register a new Authorization Provider for iManage Work (cloud) provider.

    In this step, Token Vault generates an Authorization Provider ID that you need to use while you are configuring Token Vault through the eCopy Administration Console.

  3. Enable the new Authorization Provider, and then authorize it on the Available authorization providers page.
  4. Launch the ShareScan Administration Console, go to Tools and specify Token Vault Settings (using the Authorization Provider ID that Token Vault generated previously).
  5. Still in the Administration Console, enable Modern Authentication for your Worksite connector by selecting REST API as the Protocol setting value and configure accordingly.

    At this point, you are ready to invite your end-users to carry out their own authorization step through Token Vault. Once this end-user authorization step is complete, the workflow with modern authentication is ready to use.

Tasks to complete to use a SMTP via LDAP connector configured with Google's Gmail SMTP server

  1. Go to the Google Cloud Platform Console portal, and register an application for Token Vault.

    This step enables Token Vault to get authentication tokens for applications - such as eCopy ShareScan connectors.

  2. Log in to Token Vault as an administrator, and register a new Authorization Provider for Google cloud provider with Gmail scope set.

    In this step, Token Vault generates an Authorization Provider ID that you need to use while you are configuring Token Vault through the eCopy Administration Console.

  3. Enable the new Authorization Provider, and then authorize it on the Available authorization providers page.

  4. Launch the ShareScan Administration Console, go to Tools and specify Token Vault Settings (using the Authorization Provider ID that Token Vault generated previously).

  5. Still in the Administration Console, configure your SMTP via LDAP connector with Google's Gmail SMTP server.

    (If SMTP via LDAP connector is configured with Google's Gmail SMTP server, modern authentication is the only available authentication method).

    At this point, you are ready to invite your end-users to carry out their own authorization step through Token Vault. Once this end-user authorization step is complete, the use of SMTP via LDAP connector configured with Google's Gmail SMTP server is operational.

Tasks to complete to use Modern Authentication in email inbox watchers via POP3/IMAP using Microsoft 365 POP/IMAP server

  1. Go to the Microsoft Identity Platform (Azure Active Directory) admin center associated with your Microsoft 365 subscription, and register a Microsoft 365 application for Token Vault.

    This step enables Token Vault to get authentication tokens for applications - such as eCopy ShareScan email inbox watchers.

  2. Log in to Token Vault as an administrator, select the Manage authorization providers page, and register a new Authorization Provider for Microsoft 365 cloud provider.

    In this step, Token Vault generates an Authorization Provider ID that you will need to use when configuring your workflow in the eCopy Administration Console.

  3. Enable the new Authorization Provider, and then authorize it on the Available authorization providers page.
  4. Launch the ShareScan Administration Console, go to Tools and specify Token Vault Settings (using the Authorization Provider ID that Token Vault generated previously).
  5. Still in the Administration Console, enable Modern authentication for your email inbox watcher via POP3 or your email inbox watcher via IMAP via the E-Mail Server, Port, Security and Use Modern Authentication watcher settings and configure accordingly.

    Once the configuration steps are complete, the workflow with modern authentication is ready to use.

Tasks to complete to use Modern Authentication in Notification service using Microsoft 365 SMTP server

  1. Go to the Microsoft Identity Platform (Azure Active Directory) admin center associated with your Microsoft 365 subscription, and register a Microsoft 365 application for Token Vault.

    This step enables Token Vault to get authentication tokens for applications - such as eCopy ShareScan Notification service.

  2. Log in to Token Vault as an administrator, select the Manage authorization providers page, and register a new Authorization Provider for Microsoft 365 cloud provider.

    In this step, Token Vault generates an Authorization Provider ID that you will need to use when configuring your workflow in the eCopy Administration Console.

  3. Enable the new Authorization Provider, and then authorize it on the Available authorization providers page.
  4. Launch the ShareScan Administration Console, go to Tools and specify Token Vault Settings (using the Authorization Provider ID that Token Vault generated previously).
  5. Still in the Administration Console, enable Modern authentication for your Notification service via the SMTP Server type, SMTP Server, SMTP server port, Secure SMTP and SMTP Server Authentication settings and configure with Microsoft 365 SMTP server accordingly.

    Once the configuration steps are complete, the workflow with modern authentication is ready to use.

Tasks to complete to use Modern Authentication in Notification service using Google's Gmail SMTP server

  1. Go to the Google Cloud Platform Console portal, and register a Google application for Token Vault.

    This step enables Token Vault to get authentication tokens for applications - such as eCopy ShareScan Notification service.

  2. Log in to Token Vault as an administrator, select the Manage authorization providers page, and register a new Authorization Provider for Google cloud provider.

    In this step, Token Vault generates an Authorization Provider ID that you will need to use when configuring your workflow in the eCopy Administration Console.

  3. Enable the new Authorization Provider, and then authorize it on the Available authorization providers page.

  4. Launch the ShareScan Administration Console, go to Tools and specify Token Vault Settings (using the Authorization Provider ID that Token Vault generated previously).

  5. Still in the Administration Console, enable Modern authentication for your Notification service via the SMTP Server type, SMTP Server, SMTP server port, Secure SMTP and SMTP Server Authentication settings and configure with Google's Gmail SMTP server accordingly.

    Once the configuration steps are complete, the workflow with modern authentication is ready to use.

To ensure that you can quickly orient yourself in reference to where you currently are in the overall process, relevant help topics in the current documentation use the following visual aids:

Perform the steps in this topic at the Microsoft Identity Platform (Azure Active Directory) admin center

Complete steps in this topic only after you finished the required configuration process at the Microsoft Identity Platform (Azure Active Directory) admin center

Perform the steps in this topic at the NetDocuments portal

Complete steps in this topic only after you finished the required configuration process at the NetDocuments portal

Perform the steps in this topic in Token Vault with a Token Vault administrator

Complete steps in this topic only after you finished the required configuration process in Token Vault with a Token Vault administrator

Perform the steps in this topic on the Token Vault Available authorization providers page

Complete steps in this topic only after you finished the required configuration process on the Token Vault Available authorization providers page

Perform the steps in this topic in the eCopy ShareScan Administration Console

   
When you are using an Exchange (Mail or Fax), a SharePoint connector, an iManage Worksite connector or an email inbox watcher via POP3 or IMAP, you can decide to utilize modern authentication. However, when you use the NetDocuments connector or the Notification service with Microsoft 365 SMTP server, modern authentication is your only option.