We have just installed and configured a new Rio site. We are authenticating to local Active Directory.
We would also like to authenticate to Azure, for both Laserfiche Named Users and Forms Authenticated Participants.
Is it possible to authenticate to Azure Active Directory/Sync users down into LFDS?
How is this done, even if it requires third party connections or SAML and the like?
Question
LFDS to Azure Active Directory
Replies
Yes, by upgrading to LFDS 10.3 you can add Azure Active Directory as a SAML Identity Provider.
To allow authenticating users to Azure, you will need to:
1. Set up Azure AD as a SAML IdP in LFDS; you can just upload the Azure AD IdP metadata file for initial configuration
2. Set up LFDS in Azure AD to use SAML-based Single sign-on, follow the links here:
3. Create SAML users in LFDS and assign user licenses
4. Double-check access rules and policy settings in Azure AD to make sure users are not blocked during sign-in
5. Check out our SAML setup manual here if you run into any issues:
Hi Yining, related to this configuration, what should be the behaviour of the login process for a user accessing the web client or Forms? In my case, the user logs in to the station, then in the browser accesses the LF product URL, it redirects to LFDS, LFDS redirects to the Microsoft login so the user must type his Azure credentials there, and after that the user is able to access the web client and LF Forms without logging in.
In our Azure environment we have on-premises AD synchronization with Azure AD, so should the SAML configuration not have used the user logged in to the station automatically?
I also uploaded a doc with some screenshots of my Azure configuration, so if it is possible for you to help us validate that our procedure is correct, it would be very helpful. Thanks for your support.
Can this Azure AD SSO be leveraged to provide SSO from users in SharePoint Online to integrate with on-prem Laserfiche?
Hi, for an on-premises LF installation look like way to synchronize an on-premises AD but using Azure AD and a cloud LF environment, please check this link...
You must have Domain Services enabled, Azure AD enabled, Azure AD Connect enabled, password hash sync enabled, the on-premises AD server sync service installed and configured, and an AD identity provider configured in LFDS. Then follow the link instructions.
Remember that you have to install the certificates (HTTPS) from your LFDS and LF Web servers on the client machines, same as the LFDS URL and balancer public URL (LF web servers) in the trusted sites.
There's now a new white paper explaining how to configure SAML authentication with Microsoft Azure AD.