General Settings

The General tab on the Settings page displays general information about the licensing site:

Primary License

Use the Renew primary license link and Deactivate link to manage the primary license associated with the licensing site.

Turn on the Renew subscription primary license automatically option to automatically renew a primary license prior to the primary license expiration date. Directory Server will start attempting to renew an expiring primary license 30 days before the expiration date.

Licensing Site

Use the Modify connection string option to configure the SQL connection string to your licensing site's SQL Server database.

Use the Detach licensing site option to detach the licensing site from Directory Server.

Relicensing Notification

Turn on the Enable Relicensing Notifications option to send notifications to registered instances of Laserfiche Forms (versions 10.4 and later) and Laserfiche Server (versions 10.4 and later) when there is a change in the primary license. Choose between sending the update notification immediately or during a scheduled time window. Laserfiche Forms and Laserfiche Server can then attempt to automatically retrieve an updated application license.

Note: Laserfiche Forms 10.4 and Laserfiche Server 10.4 and later support automatically replacing their application licenses based on changes to the Directory Server primary license. You must specify whether you want the registered Laserfiche Forms or Laserfiche Server instance to override the default notification settings.

Enable Active Directory Synchronization

Turn on Active Directory synchronization and configure a polling interval or choose to run synchronization rules on a schedule. There are also additional options for configuring how Directory Server should handle deleted users within Active Directory.

  • Remove users deleted from Active Directory
    • Yes: All users deleted from Active Directory are removed from Laserfiche Directory Server. See Ignore Active Directory tombstone for further configuration options.
    • No: User licenses are freed in Laserfiche Directory Server for all users deleted from Active Directory. All user entries corresponding with the users deleted from Active Directory will remain in Laserfiche Directory Server.
  • Ignore Active Directory tombstones (This setting will only apply when Remove users deleted from Active Directory is set to Yes)
    • Yes: Users deleted from Active Directory are removed from Laserfiche Directory Server, ignoring the Active Directory tombstone lifetime attribute.
    • No: Users deleted from Active Directory will be removed from Laserfiche Directory Server after the Active Directory tombstone lifetime attribute expires. For example, if the Active Directory tombstone lifetime attribute is set to 60 days, user deletion in Laserfiche Directory Server will be delayed by 60 days.

      Note: Active Directory tombstone lifetime attribute defaults are configured in Active Directory, not Laserfiche Directory Server. To learn more, see Microsoft's documentation.

      Note: An Active Directory administrator must give Laserfiche Directory Server permission to access the Active Directory tombstone lifetime attribute for user deletion to be delayed in Laserfiche Directory Server. To learn more, navigate to Required Permissions For Enabling Active Directory Group Synchronization.

Note: When the Poll Active Directory for synchronization every value is set to 0, Active Directory synchronization will occur every 30 minutes after the service is started.
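
To see how long deleted accounts will linger when Ignore Active Directory tombstones is set to No, the following added example (not part of the Laserfiche documentation) reads the forest's tombstone lifetime and estimates a removal date for each deleted user. It assumes the ActiveDirectory PowerShell module and an account allowed to read deleted objects; the estimated dates are a projection from the delay described above, not values reported by Directory Server.

```powershell
# Added example: estimate when deleted AD users will be removed from
# Directory Server when "Ignore Active Directory tombstones" is No.
Import-Module ActiveDirectory

# tombstoneLifetime is stored on the Directory Service object in the
# configuration naming context of the forest.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject `
    -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
    -Properties tombstoneLifetime

# Active Directory treats an unset tombstoneLifetime as 60 days.
$lifetimeDays = if ($dsObject.tombstoneLifetime) {
    [int]$dsObject.tombstoneLifetime
} else {
    60
}
Write-Output "Tombstone lifetime: $lifetimeDays days"

# List deleted user objects. whenChanged on a deleted object reflects
# the time of deletion; computer accounts are filtered out afterwards
# because they also carry the 'user' object class.
Get-ADObject -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and objectClass -eq "user"' `
    -Properties whenChanged, sAMAccountName |
    Where-Object { $_.ObjectClass -eq 'user' } |
    Select-Object sAMAccountName,
        @{ Name = 'DeletedOn';        Expression = { $_.whenChanged } },
        @{ Name = 'EstimatedRemoval'; Expression = { $_.whenChanged.AddDays($lifetimeDays) } } |
    Sort-Object EstimatedRemoval |
    Format-Table -AutoSize
```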

Multi-factor Authentication (MFA)

If MFA is turned on for a Laserfiche User, upon next sign-in, they will be presented with instructions to link their account with a one-time passcode authenticator app (e.g., Google Authenticator or Microsoft Authenticator).

  • MFA always required for Laserfiche Users: Turn on this option to turn on MFA for all Laserfiche Users.
  • MFA inherited behavior is enabled for Laserfiche Users: Turn on this option to turn on MFA for Laserfiche Users with an MFA status set to Inherited.

Enable Cluster

Directory Server supports the Windows failover clustering feature. Before turning on the clustering option, make sure the failover cluster is properly configured.

  1. Install the Windows Failover Clustering feature on all computers in the potential cluster. Make sure to include the cluster management tools.
  2. Open Windows Failover Cluster Manager and create a new cluster.
    1. Include all the appropriate computers in the cluster.
    2. Under Nodes, verify that all the appropriate computers are listed.
  3. Install Laserfiche Directory Server with the Laserfiche Directory Server Failover Cluster Support component on all computers in the cluster.
  4. Using Windows Failover Cluster Manager, under Roles, create and configure a new role.
    1. In the wizard, on the Select Role step, select Other Server.
    2. On the Client Access Point step, specify a cluster role name.
    3. When prompted to select a Resource Type, choose Laserfiche Directory Service Resource.
  5. Back in the Failover Cluster Manager, right-click on the newly created role and view the Properties.
    1. On the General tab, in the Preferred Owners section, select all the nodes.
    2. On the Failover tab, adjust failover settings as appropriate.
  6. Check that Resource properties for the role are configured.
    1. Select the Role.
    2. At the bottom of Failover Cluster Manager, click the Resources tab.
    3. Under Server Name, right-click on the Server name (the "Client Access Point") and click Properties.
    4. On the Dependencies tab, take note of the IP address value. Then close the properties dialog box.
    5. Under Other Resources, right-click on Laserfiche Directory Service Resource, and click Properties.
    6. On the Dependencies tab, take note of the Resource name.
    7. Start the cluster. Right-click on Laserfiche Directory Service Resource and click Bring Online.
      Note: You may need to stop all Directory Server services before starting the cluster.

  1. Turn on the Enable Cluster option.
  2. Next to Cluster Role Name, specify the cluster role created in the previous section.
  3. Next to Cluster Fingerprint, specify the hardware fingerprint of the first cluster node hosting Directory Server.
  4. Click Add new host to cluster and add a cluster node. Repeat as necessary for additional nodes.

Note: The licensing database connections must be configured separately for each node. Administrators should create and activate the Directory Server database on one node, then attach the database to the other Directory Server nodes. To learn more, go to Configuring Windows Failover Clustering for Laserfiche Directory Server.
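
The Windows-side checks from the cluster procedure above (feature installed on every node, nodes listed, preferred owners, resource dependencies) can be verified from PowerShell before turning on Enable Cluster. This is an added example, not part of the Laserfiche documentation. The role name `LFDS-ROLE` is a placeholder, and matching the resource type on the word "Laserfiche" is an assumption, since the registered type name may differ from the display name shown in the wizard.

```powershell
# Added example: pre-flight check of the failover cluster configuration.
# Run on a cluster node with the FailoverClusters module installed.
Import-Module FailoverClusters

$RoleName = 'LFDS-ROLE'   # placeholder: role name from the Client Access Point step

# Steps 1-2: every node is up and has the Failover Clustering feature.
$nodes = Get-ClusterNode
$nodes | ForEach-Object {
    $feature = Get-WindowsFeature -Name Failover-Clustering -ComputerName $_.Name
    [pscustomobject]@{
        Node             = $_.Name
        State            = $_.State
        FeatureInstalled = $feature.Installed
    }
} | Format-Table -AutoSize

# Step 5: all nodes should be preferred owners of the role.
$role    = Get-ClusterGroup -Name $RoleName
$owners  = ($role | Get-ClusterOwnerNode).OwnerNodes.Name
$missing = $nodes.Name | Where-Object { $_ -notin $owners }
if ($missing) {
    Write-Warning "Nodes not set as preferred owners: $($missing -join ', ')"
}

# Step 6: list the role's resources and their dependencies.
$resources = $role | Get-ClusterResource
$resources | Format-Table Name, ResourceType, State, OwnerNode -AutoSize

# Assumption: the Laserfiche resource type is identified by its name or
# display name containing "Laserfiche".
$lfds = $resources | Where-Object {
    $_.ResourceType.Name -like '*Laserfiche*' -or
    $_.ResourceType.DisplayName -like '*Laserfiche*'
}
if (-not $lfds) {
    Write-Warning "No Laserfiche Directory Service resource found in role '$RoleName'."
} else {
    # Shows the dependency expression (server name / IP address resources).
    $lfds | Get-ClusterResourceDependency | Format-List Resource, DependencyExpression
    if ($lfds.State -ne 'Online') {
        Write-Warning "Resource '$($lfds.Name)' is $($lfds.State); bring it online before enabling the cluster."
    }
}
```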

SAML Login Configuration

If you've configured an identity provider to authenticate using SAML, Default Landing Page lets you set a default landing page that will be shown after successful authentication requests initiated by the identity provider. This does not affect SAML authentication requests that are initiated from a Laserfiche application—users will still be redirected to a Laserfiche application's home page after selecting SAML authentication on the application's sign-in page.

Under SAML Entity ID, you can specify a custom ID that Directory Server will use to identify itself to the SAML identity provider. By default, Directory Server's entity ID is in the format https://DirectoryServerHostName/lfds.

If you're moving Directory Server to a new computer or changing its host name, but you don't want to reconfigure your SAML identity providers, you can specify the old entity ID in this field. The old ID will effectively act as an alias for the new entity ID.

Note: The Default Landing Page and SAML Entity ID fields are optional for most SAML authentication configurations, including those for Shibboleth, Okta, and Microsoft Entra ID.

Directory Server Administration Site Display

Users can use this setting to choose a default licensing site when navigating to https://[MachineName]/lfds/. This user setting will only apply to the user checking the check-box.

Application Version Information

Application version numbers may be sent to Laserfiche during licensing for troubleshooting and product improvement. Administrators can choose to turn this feature on or off by setting the Allow version information collection to Yes or No.

Note: By default, the Allow version information collection setting is set to Yes.

Enable SCIM Service

Set the option to Yes to use the SCIM 2.0 implementation. Existing TLS certificates configured in the Laserfiche Directory Server Configuration Utility will be shown.

Turn on the SCIM Licensing Synchronization option to automatically reallocate licenses for SCIM-provisioned users. Any configured Group-based rules will run according to the set schedule.