You are viewing limited content. For full access, please sign in.

Question

Question

LFDS to Azure Active Directory

Directory Server
Updated November 2, 2018
asked on August 11, 2016

We have just installed and configured a new Rio site. We are authenticating to local Active Directory. 
We would also like to authenticate to Azure, for both Laserfiche Named Users and Forms Authenticated Participants. 
Is it possible to authenticate to Azure Active Directory/Sync users down into LFDS? 
How is this done, even if it requires third party connections or SAML and the like?

0 0

Replies

replied on May 15, 2018

Yes, by upgrading to LFDS 10.3 you can add Azure Active Directory as a SAML Identity Provider.

 

To allow authenticating users to Azure, you will need to :

1. Set up Azure AD as SAML idp in LFDS, you can just upload Azure AD idp metadata file for initial configuration

2. Set up LFDS in Azure AD to use SAML-based Single sign-on, follow the links here:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps#configuring-and-testing-azure-ad-single-sign-on

3. Create SAML users in LFDS and assign user licenses

4. Double check access rules and policy settings in Azure AD to make sure users are not blocked during signing-in

5. Check out our SAML set up manual here if you run into any issues:

https://support.laserfiche.com/resources/3903/configuring-laserfiche-directory-server-10-3-for-saml-authentication

 

 

0 0
replied on August 7, 2018

Hi Yining, related to this configuration what should be the behaviour of the login process for a user accessing to web client or forms...¿? In my case, the user login the station, then in the browser access the lf product url, it redirects it to lfds, lfds redirects it to microsoft login so the user must type his azure credentials there, after that the user is able to access the web client and lf forms without login.
In our azure environment we have AD on premises synchronization with Azure AD so SAML configuration should not have used the user logged in the station automatically...¿?
I also uploaded a doc with some screenshots of my azure configuration so if it is possible you could help us to validate our correct procedure it would be so helpfull...Thanks for your support.

OurSAMLSteps.docx (1 MB)
Download
0 0
replied on October 15, 2018

Can this Azure AD SSO be leveraged to provide SSO from users in SharePoint Online to integrate with on-prem Laserfiche?

0 0
replied on August 9, 2018

Hi, for an on premises LF installation look like way to synchronize an on premises ad but using azure ad and a cloud LF environment please check this link...

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quick-start

You must have domain Services enabled, Azure ad enabled, azure ad connect enabled, password hash sync enabled, on premises ad server sync service installed and configured and an ad identity provider configured in LFDS. Then follow the link instructions.

Remember you must have to install the certificates (https) from your LFDS and LF Web servers in the client machines same as lfds url and balancer public url (lf web severs) in the trusted sites.

0 0
replied on November 2, 2018

There's now a new white paper explaining how to configure SAML authentication with Microsoft Azure AD.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Attachments
Related Posts
Loading ...