With the new Outlook add-in, you can integrate your Inova account with Outlook.
This integration allows you to easily and quickly push emails and documents to your Inova application, directly from Outlook.

Make sure you meet the minimum requirements so you can get the most out of the new Outlook add-in!

* Our Add-in uses embedded browser control and a JavaScript engine for its operation and both are supplied by one of the browsers installed on the user's computer.
The choice of browser used is made automatically according to the Operating System and the Office version installed on the user's computer.
Consequently, for users whose system is not up to date, the browser used may be Internet Explorer 11. For those users, the "Create" button will not appear. Therefore, the creation of a new object while pushing an email will not be available until they update their Operating System and/or email client to a higher version.
Please refer to the table provided in the following Microsoft article to find out which browser will be used in your situation: Browsers used by Office Add-ins.

Outlook on the Web

Use the most recent versions of the following browsers for the best experience with the new Outlook add-in:

** For now, you won't be able to create a new object while pushing an email if you're using Chrome on Mac. The "Create" button will therefore not appear 

The Outlook Add-in is an integration of Inova and Outlook.

The following packages from Microsoft are required to run the Add-In. If they are not already installed, the installer will download and install them:

• Microsoft .NET Framework 4.6.2 (or higher)
• Microsoft Visual Studio 2010 Tools for Office Runtime

If a firewall blocks the download of these Microsoft packages it may be necessary to reach out to the local IT/network staff for assistance in downloading and installing these packages manually.

This document is intended for an IT administrator and assumes that readers have a basic understanding of Active Directory as well as its Federation Service.

You will need the assistance of an Inova expert to help you activate webSSO for your organization.

Overview of Single Sign On with Inova

What is SSO and its benefits?

The Single Sign On (SSO) Authentication allows a user to access multiple applications with a single set of credentials.
The advantages are multiple : users can move between applications securely without specifying their credentials each time, thus saving time and reducing the risk of forgetting their password.

Does Inova Support SSO?

Inova supports SSO via SAML 2.0 and acts as a service provider (SP) for SSO. The client must implement a federation service to act as an identity provider (IdP). Federation can be accomplished through an in-house or third-party provider.

Setting Up Single Sign On

IdP Requirements

To be compatible with D&A, your Idp must support the following:

• SP initiated SSO
• SAML 2.0

For example, here is a list of the third-party IdPs we already tested and validated:

• ADFS 2.0/3.0
• PingFederate/PingOne
• Okta
• Microsoft Azure AD
• SailPoint
• OpenAM
• VMWare ID

What you need from inova to set up your connection

• A quick configuration document for specific requirement
• Inova SP Metadata file

This Metadata file contains all the required informations to setup your IdP:

1. Entity ID: our Inova UAT or PROD entity id, depending of the phase of implementation
2. Security Token Consumer URL
3. Public certificate
4. User attributes to be sent over the SAML assertion

What Inova needs from your identity provider

• Your IdP Metadata file
• A test account to facilitate and accelerate the implementation

What Inova needs in the SAML assertion sent by your IdP

1. Login in Inova application is based on email address so it will be passed as NameID in the assertion
2. The lastname
3. The firstname
4. The email

Limitations depending on your IdP

• The authentication request is not signed by default
• The SAML assertion must be signed
• We don’t use encryption for the SAML assertion (possible with ADFS) it is not really an issue since Inova consumes a couple of non-confidential attributes like email address, givenName.
• Since the SPNameQualifier must be filled in the SAML response and IdP like Okta, PingId don’t provide this information the response passes through a SAML proxy in Inova infrastructure

Implementation steps

The WebSSO implementation is made in two phases and in relation with your IT experts. To secure our production environment we first configure and test the WebSSO on a UAT environment. During this step we define the right configuration and fix any issue that could happen during the authentication workflow.

Once everything is validated we go on Production, implementing the tested configuration and setting Inova with WebSSO. Inova application needs to be restarted during this phase.

Specific IdP informations

Most of the IdP like Okta, PingId only required a few set of parameters like:

• Entity ID
• Postback URL
• Target URL
• Certificates

Those parameters can be found in the Inova Metadata file.

With ADFS we need to create additional “claim rules” to add specific attributes we need for the Service Provider:

• A claim rule to set the spNameQualifier and namequalifier in the response,
• A claim rule to set the authentication mode “Password Protected Transport”

During the implementation steps your contact in Inova Software will give you all the details about those claim rules.

Inova is supported or certified on the browsers and operating systems listed below.

• Certified means that the browser or operating system has been tested in detail through functional test cases and user interface scenario compatibility.
• Supported means that the browser or operating system has been tested for key functionality to ensure that critical features are working as designed. Only blocker bugs will be fixed for these browsers.
  Blocker means that a key feature does not work, cannot be used, or returns incorrect results and no workaround is possible for such bugs.

Tip: Our testing suggests that Google Chrome provides the best performance when running Inova. So, to maximize the customer experience, we recommend using the latest version of Google Chrome.