Registered SAML User Authentication Error
If a SAML identity provider is registered in Laserfiche Directory Server and backed by an Active Directory Identity Provider also registered in Laserfiche Directory Server, then a user must use the SAML Authentication button to sign in to Laserfiche Directory Server. If the user does not click the SAML Authentication button and signs in with their Windows Active Directory username and password instead, then the user will not have access to any end applications in Laserfiche Directory Server due to a Security Identifier (SID) mismatch. This issue can be resolved on the Laserfiche Directory Server Security Token Service Configuration page.
The administrator can configure the Laserfiche Directory Server sign-in page to hide the username and password fields. This will ensure users select the SAML Authentication button to sign in to Laserfiche Directory Server.
- Navigate to the Laserfiche Directory Server Security Token Service Configuration page.
- Check the box for Hide Laserfiche Authentication. This will remove the “username” and “password” fields from the Laserfiche Directory Server sign-in page.
- Check the box for Hide Windows Authentication. This will remove the Windows Authentication button below the username and password fields.
Note: The SAML Authentication feature must be enabled for SAML users to access Laserfiche Directory Server and licensed end applications. To learn more, see the Configuring Single Sign-on with SAML Authentication page.