Cloud Drive Mapper uses Chromium (the Chrome browser engine) to handle parts of the authentication and cookie-handling process.
With most SSO platforms, including: IAM Cloud, Azure AD SSO, Okta, OneLogin and Centrify, this will just work natively and you don't need to take any further actions.
However if you are using ADFS, and if you haven't already enabled SSO for Chrome, then you will need to enable it now to get SSO working for Cloud Drive Mapper.
How to Enable Chrome SSO with WIA in ADFS
A default installation of ADFS 2012 R2 has the following values defined in the WIASupportedUserAgents property:
- MSIE 6.0
- MSIE 7.0
- MSIE 8.0
- MSIE 9.0
- MSIE 10.0
- Windows Rights Management Client
In ADFS for Windows Server 2016 you will see a slightly updated list, but by default neither will include Chrome, unless you've previously added it yourself.
If Chrome is not present in this list, you need to add "Chrome" (without the quotes) to the WIASupportedUserAgents property.
The PowerShell command to do this for you is:
Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + “Chrome”)
That's it! You're ready to go. Although if you want to read up on it any further, here is the Microsoft documentation on it.
"Wait! We can't enable SSO for Chrome!"
Ok, so we don't imagine this will be a particularly common scenario, but if your organization has a policy preventing you supporting Chrome in ADFS we have an option for you too.
You can override the in-built chromium browser within Cloud Drive Mapper so it presents itself as Internet Explorer when contacting ADFS instead. To do this you can add a registry key:
HKCU (or HKLM)\Software\IAM Cloud\CloudDriveMapper
Value: Mozilla/5.0 (Windows NT 6.2; Trident/7.0)
Here are the commands to achieve this:
REG ADD "HKLM\Software\IAM Cloud\CloudDriveMapper" /v "UserAgentOverride" /t "REG_SZ" /d "Mozilla/5.0 (Windows NT 6.2; Trident/7.0)" /f
REG ADD "HKCU\Software\IAM Cloud\CloudDriveMapper" /v "UserAgentOverride" /t "REG_SZ" /d "Mozilla/5.0 (Windows NT 6.2; Trident/7.0)" /f
This config override can be deployed via GPO in the normal way.
If you need any guidance or help from us on any of the above, please feel free to get in touch at firstname.lastname@example.org