Managing Users

There are multiple ways to add, delete, and manage users in Laserfiche Directory Server.

To learn more, navigate to one the topics below:

Registering Users: Learn how to register an individual user account with Laserfiche Directory Server to grant the user access to Laserfiche applications.
Managing Group Membership: Learn how to add groups and group members with Laserfiche Directory Server.
Batch Import of Users: Learn how to add multiple user accounts with a comma separated values file.
Unregistering Users: Learn how to unregister the user to free up the license.
Viewing and Editing User Properties: Learn how to view registered users and modify their properties in the Accounts page.

Registering Users

Register an individual user account with Laserfiche Directory Server to grant the user access to Laserfiche applications.

In Laserfiche Directory Server, navigate to your licensing site.
Click the Accounts tab.
Click the Users tab.
Click + Users button. In the context menu, select the type of user you want to register: Laserfiche User, Windows Active Directory User, LDAP User, or SAML User. For more information, follow the links below:
After registration, you may need to do more to ensure that users can access the relevant products.
- If you want a user to access a Laserfiche repository, then they need to be added to that repository.
  - In the Laserfiche Administration Console, they should be added under the Laserfiche Directory Accounts node.
  - In the Repository Administration page, choose to add either a Windows or Laserfiche user, depending on whether the user is registered in Directory Server as a Windows user.
- If you want a user to access Forms, make sure they belong to a group that is granted access on the Forms configuration page. You can view or edit this list of groups when you configure Directory Server authentication in Forms.

Important: When processing Active Directory Group Synchronization rules, Directory Server clears out all non-exempt named users. Registered named users that are marked as being exempt from synchronization rules and registered named devices are not affected.

Note: While you can assign a license to the built-in domain administrator account ([SampleDomainName]\Administrator), the account may not be able to sign in to Laserfiche repositories.

How to Register a Laserfiche User

Click +Users. In the context menu, select Laserfiche User.
Using the drop-down menu, choose the Organization and Group for this user. If you need to create a new Organization or Group, use the +Organization or +Group button. For more information, see Managing Group Membership.
Fill out the user information. Usernames have a 63 character limit and cannot contain the following characters:
/ \ @ " ' ? * : ; = [ ]
If this user does not have a Group assignment, use the drop-down menu to select user License.
Click Finish to save the user information or click Save and add another user to add additional users.

How to Register a Windows Active Directory User

Click +Users. In the context menu, select Windows Active Directory User.
Using the drop-down menu, choose the Organization and Group for this user. If you need to create a new Organization or Group, use the +Organization or +Group button. For more information, see Managing Group Membership.
Click the Register directory user(s) button.
In the Register Directory User(s) dialog box, using the drop-down menu, select an Active Directory identity provider.
Search for user names. By default, the search within this domain is set to Entire Directory. To change this, use the drop-down menu.
In the Search Results section, select users to add. Selected users automatically appear in the Added users section.
Click OK to finish adding users in the Register Directory Users dialog box.
Click Finish on the Create User page.

How to Register an LDAP User

Click +Users. In the context menu, select LDAP User.
Using the drop-down menu, choose the Organization and Group for this user. If you need to create a new Organization or Group, use the +Organization or +Group button. For more information, see Managing Group Membership.
Click the Register directory user(s) button.
In the Register Directory User(s) dialog box, using the drop-down menu, select an LDAP identity provider.
Search for user names. By default, the search within this domain is set to Entire Directory. To change this, use the drop-down menu.
In the Search Results section, select users to add. Selected users automatically appear in the Added users section.
Click OK to finish adding users in the Register Directory Users dialog box.
Click Finish on the Create User page.

How to Register a SAML User

Click +Users. In the context menu, select SAML User.
Using the drop-down menu, choose the Organization and Group for this user. If you need to create a new Organization or Group, use the +Organization or +Group button. For more information, see Managing Group Membership.
Using the drop-down menu, choose the name of your SAML Identity Provider. Once you select the SAML provider, the User Information section will appear.

Note: Mapped claims should be grayed out if the SAML Identity Provider authentication was properly configured. For more information, see Adding a SAML Identity Provider.

Fill out the user information. For the Unique Attribute field, you must use the value of the Unique Login Attribute in your SAML provider. Usernames have a 63 character limit and cannot contain the following characters:
/ \ @ " ' ? * : ; = [ ]
If this user was assigned to a Group, the License field will be automatically populated. If this user does not have a Group assignment, use the drop-down menu to select user License.
Click Finish to save the user information or click Save and add another user to add additional users.

Note: The Import user list button can be used to import many users at once. For more information, see Batch Import of SAML User Accounts.

Unregistering Users

If you no longer need a named user, you can unregister the user to free up the license. The user will no longer have a reserved license, and the license can then be re-allocated to another user.

Unregistering a named user removes that user's reserved license, but it will not necessarily prevent the user from logging in to the repository. The user could still be able to sign in using a named device or WebLink via a public portal license. If you want to make sure the user can no longer access the repository at all, you will need to either remove them from the repository, or change their authentication status to Denied in the Laserfiche Administration Console.

Important: Be aware that Active Directory Group Synchronization rules can automatically re-add named users that you manually remove.

The Export User List button saves a comma-separated (CSV) file of all registered user accounts in the Directory Server site.

Viewing And Editing User Properties

You can view registered users and modify their properties in the Accounts page.

On the Accounts page, click Users.
In the list of users:
- Click Filter or Search to look for specific users.
- Click Reset to return to the full list of users.
Select a user to view their properties.
In the right pane, you can:
- Modify a user's organization, license, and group memberships in the General tab.
- Also in the General tab for Active Directory users, turn on the Exempt from synchronization rules option for a user if you don't want Active Directory synchronization rules to override manual modifications of the user's properties.
- View and modify attributes in a user's Profile, such as their name, email, and department.
- For Laserfiche users, view and modify a user's password policies in the Password tab.
Click Save to save any changes to user properties before navigating between tabs.

Free Training: User Management in Laserfiche 11 eLearning course in Aspire.