Laserfiche Directory Server Authentication
Laserfiche Directory Server provides a central location to manage users and groups across multiple Laserfiche products.
One of the benefits of using Laserfiche Directory Server is single sign-on across Laserfiche web products. Users who sign in to one Laserfiche web product are automatically signed in to all other Laserfiche web products they are licensed for.
Important: Switching your user authentication to Laserfiche Directory Server cannot be undone and will remove all Laserfiche users and groups from Forms. Please consider the following:
- Ensure you have created and configured all your users and groups in Laserfiche Directory Server.
- If you had been using Laserfiche users and groups in Forms:
  - Note the Forms security settings and access rights for each user and group. You will need to apply all security to your Laserfiche Directory Server users and groups manually.
  - Note each place a form is routed to a Laserfiche user in all your processes. You will need to add the equivalent Laserfiche Directory Server user to each User Task as your existing Laserfiche users will be automatically removed.
- Active Directory users and groups will be automatically converted to Laserfiche Directory Server users and groups, so you will not need to reapply security or reconfigure User Tasks for these users.
- Forms Participant Users will be migrated to Laserfiche Directory Server when you run the migration utility, so you will not need to manually update these users.
To configure Laserfiche Directory Server authentication
- Open the User Authentication tab.
- If you will be giving Laserfiche Directory Server users access to Forms, select the Use a Laserfiche Directory Server for Single Sign-On authentication option.
- Under Laserfiche Forms Host URL, type the fully qualified domain name of your Laserfiche Forms Server, in the format //ServerName:port/Forms. This is the URL that the Directory Server STS will redirect users to after they successfully authenticate.
  - If the Use TLS Connection checkbox is not selected in the Forms Server tab under Primary Forms Server URL, "http" is automatically prepended to the URL. If it is selected, "https" is prepended to the URL.
- Under Directory Server STS URL, type the fully qualified domain name of your Laserfiche Directory Server STS, in the format //DirectoryServer/LFDSSTS.
- Under Licensing Site, type the name of your Laserfiche Directory Server licensing site, in the format SiteDisplayName.
- Directory Server groups enable you to license to many members at once. Specify a list of Directory Server groups that will be allowed to sign in to Laserfiche Forms, or choose "Allow everyone to sign into Laserfiche Forms" to allow access to all the licensed users. When you specify groups, any licensed Directory Server user account that is a member of a selected group can sign in to Laserfiche Forms. When you allow everyone, any licensed Directory Server user account in an organization for which the Laserfiche Forms service user has view rights can sign in to Laserfiche Forms.
Note: If you change the Laserfiche Forms license to use a different organization, you must re-validate any groups added to the list of groups who can sign in to Laserfiche Forms.
- Under Laserfiche Forms System Administrator, specify a Directory Server account that you want to grant the System Administrator role in Laserfiche Forms.
- Under Active Directory domain controller, specify an Active Directory domain controller to let Forms retrieve user information directly from Active Directory. Multiple controllers may be selected.
- Specify the Account synchronization interval in hours.
- Specify the Synchronized account expiration in hours.
- Optional: For additional security, you can specify a Session Timeout, which will terminate a user session after a period of inactivity. To enable session timeouts:
  - Check the box for Time out users after period of inactivity.
  - Set the number of minutes before expiration.
  - Select the Auto-save work in progress option to enable auto-save.
Note: These settings affect current sessions and should be performed at a time of limited activity.
Note: If a session timeout is specified, after the period of inactivity in Forms, the user will be signed out of all LFDS products.
- Click Save.
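
The following pre-save check for the Laserfiche Forms Host URL and Directory Server STS URL values is an added example, not Laserfiche code. It compares each value with the format shown in the steps above and reports when the Use TLS Connection setting leaves the Forms URL on http. The function names, the FQDN heuristic, the case-insensitive path comparison and the sample host names are assumptions.

```python
from urllib.parse import urlsplit

# Expected trailing paths, taken from the formats given in the steps above.
FORMS_PATH = "/Forms"
STS_PATH = "/LFDSSTS"


def effective_forms_url(value: str, use_tls: bool) -> str:
    """Prepend the scheme as described for the Use TLS Connection checkbox."""
    return ("https:" if use_tls else "http:") + value.strip()


def is_fqdn(host: str) -> bool:
    """Heuristic (assumption): two or more labels, and not an IPv4 literal."""
    labels = host.rstrip(".").split(".")
    return len(labels) >= 2 and all(labels) and not labels[-1].isdigit()


def check_value(label: str, value: str, path: str) -> list:
    """Compare one '//host[:port]/path' value against the documented format."""
    value = value.strip()
    if not value.startswith("//"):
        return [f"{label}: must start with '//'"]
    try:
        url = urlsplit(value)
        url.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return [f"{label}: malformed host or port in {value!r}"]
    findings = []
    if not url.hostname or not is_fqdn(url.hostname):
        findings.append(f"{label}: host {url.hostname!r} is not fully qualified")
    # Path compared case-insensitively (assumption).
    if url.path.rstrip("/").lower() != path.lower():
        findings.append(f"{label}: path {url.path!r} does not match {path}")
    return findings


def check_sso_settings(forms_host: str, sts: str, use_tls: bool) -> list:
    """Return findings for both values; an empty list means no issue was found."""
    findings = check_value("Laserfiche Forms Host URL", forms_host, FORMS_PATH)
    findings += check_value("Directory Server STS URL", sts, STS_PATH)
    if not use_tls:
        url = effective_forms_url(forms_host, use_tls)
        findings.append(f"Laserfiche Forms Host URL: {url} is plain http")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for line in check_sso_settings("//FORMSSRV01:80/Forms",
                                   "//lfds.corp.example.com/LFDSSTS", False):
        print(line)
```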