Controlling Access to a Licensing Site

The installation process automatically creates the Laserfiche Directory Service Administrators local Windows group on the machine hosting Directory Server and adds the account that runs the installation to the group. Members of this Windows group have full access to the Laserfiche Directory Server Web Administration Console. Members of the Local Administrators group on the computer hosting Laserfiche Directory Server also have full access.

Laserfiche Directory Server also provides additional security settings that allow more granular security. Directory Server provides additional security rights at the following levels of the site:

Licensing Site Security

The Security tab on the Settings page lets you adjust several licensing site-wide security settings.

Detach: Grants the ability to detach the licensing site from the Laserfiche Directory Server instance.

Register primary license: Register a primary license with the licensing site. Required to view the General tab of the Settings page.

View Site: Grants the ability to view information in a licensing site.

Download application licenses: Download license files for registered application instances.

Register identity provider: Register Active Directory or eDirectory servers with Laserfiche Directory Server.

Set application descriptions: Modify the description field for applications.

Register email server: Controls the ability to register email server profiles.

Register email template: Controls the ability to add email templates.

Identity Provider Rights

Identity provider rights govern specific actions for modifying properties related to registering Microsoft Active Directory or Novell eDirectory hosts with a Directory Server site. You can assign or unassign these rights from registered users in Directory Server. Users can be granted rights to view or modify only certain identity providers.

These rights can be viewed or modified as follows:

  1. On the Settings page, select Identity Providers.
  2. Select an identity provider in the left pane.
  3. In the right pane, open the Security tab.
  4. In the Everyone section, select or clear the checkboxes for the rights that you want to modify for all Directory Server users. The options have the following meanings:
    • View: View information about the identity provider.
    • Delete: Unregister the identity provider from Laserfiche Directory Server.
    • Modify: Grants the ability to modify settings for the ID provider and create Active Directory synchronization rules.
    • Set security: Grants the ability to view and assign rights on the Security tab of the identity provider.
  5. To assign rights for specific users or groups not in the list, click +Add.
    • In the dialog that appears, search for the users or groups of interest.
    • Select the rights you want the selected users or groups to have, and click Add.
  6. To assign rights to users or groups that are already listed below the Everyone section, clear or select the relevant checkboxes under those users or groups.
  7. Click Save when you're done.

Organization Rights

The Security tab on the Organizations page controls access to properties on an organization as well as objects within the organization (e.g., users, groups, devices, registered applications).

View: View information about the organization such as license usage information about the organization.

Set Security: Modify rights on the Security tab of the Organizations page.

Delete: Delete the organization from Laserfiche Directory Server.

Assign Licenses: Assign named user licenses to existing users, devices, and applications. When paired with the Add objects right, grants the ability to register application instances, new users, and devices with named licenses.

Modify: Configure license allocation limits for the organization. Also allows modifying properties on groups, users, devices, and registered application instances within the organization.

Add objects: Add suborganizations, groups, users, and devices to an organization. Register an application instance within an organization.

Remove objects: Remove suborganizations, groups, users, and devices from an organization. Register an application instance within an organization.

Reset Password: Reset the password on Laserfiche users that are members of the organization.

Set Claims and Attributes: Set profile information and trustee attributes on members of the organization.