Critical Advisory: Update/action is required to address issues and a critical vulnerability, related to SAML authentication

03 February 2020

iManage Cloud and on-premise customers
Issue - Impact of new Google Chrome on iManage Work applications and iManage Share using SAML authentication.
On January 21, 2020, Microsoft published a communication regarding upcoming changes to how the Google Chrome web browser, as of version 80, handles cookies and the potential effect this will have on applications. In testing, iManage has discovered that the changes prevent users from logging in and authenticating to iManage Work in the Cloud and on-premises when using SAML authentication and the Google Chrome web browser with a number of iManage Work applications, plus folders linked from iManage Work to iManage Share for file sharing are broken and inaccessible.
 
Version 80 of Google Chrome is set for release on February 4, 2020, with an early release having been made available for testing and validation.
Action 
  • To resolve the user authentication issue when using SAML authentication with Google Chrome v80, you must configure at least two Windows Registry settings on each user's desktop machine. Please see the full advisory for details on the required changes.
  • At this time, there is no configuration change available to address the iManage Share linked folder issue. OIA will publish an update as more information is released by iManage, however, you can choose to follow the above article on the iManage Help Center to receive email notifications directly.
On-premise customers only
Issue - Security vulnerability in on-premises iManage Work Server using SAML authentication.
During an internal review, iManage identified a vulnerability in the SAML authentication process used by iManage Work Servers version 10.0.1 and later, which can be exploited to allow unauthorized access to documents and content.
Action 
  • Upgrade to iManage Work Server 10.2.2.244 - Download Work Server 10.2.2.244 from the iManage Work Server 10.x release page.
  • Mitigate potential impact - Depending on how quickly you can upgrade your Work Server(s), you may choose to follow the recommended actions detailed in the advisory ahead of your upgrade.
Please contact OIA Support for information, or for assistance with implementing any of the above recommendations.

© 2020 Office Information Australia

  • Contact
  • Grey LinkedIn Icon
  • Grey YouTube Icon
  • Speech Bubble