You are viewing limited content. For full access, please sign in.

Question

Question

Adding SAML accounts to LFDS

Updated July 11, 2019
asked on July 16, 2018

Hi,

We have set up Azure AD and configured Directory Server to authenticate against it (by setting it up as a SAML IdP) and got the authentication part working after some teething problems, see:

Authentication with Directory Server 10.3 with SAML (Azure AD) authentication (https://answers.laserfiche.com/questions/144266)

 

We now have a further issue.  While we can see in the Azure logs (see attached screenshot) that Directory Server is successfully authenticating a user for Laserfiche, access is still denied.  I believe this is because SAML accounts have not been successfully synchronised from Azure AD to Directory Server and therefore are not available as accounts to be given access rights in Laserfiche applications.

I have tried the synchronisation button (which indicates synchronisation has completed successfully but no accounts appear in DS)  and I have also tried adding accounts manually (using information from Azure AD) but this results in an error when adding the account in DS.  I can add other account types without issue.

Is there some trick to adding SAML accounts ?

thanks,

Ian

Azure_Sign_Ins.png
Azure_Sign_Ins.png (95.27 KB)
Download
0 0

Replies

replied on July 16, 2018

Where exactly do you get "access denied" errors?

0 0
replied on July 16, 2018

Access denied happens after clicking on the SAML(Azure AD) logon button and after the successful Azure authentication event in the Azure logs, it then displays the standard Laserfiche login page, because access has been denied (I am assuming).

0 0
View 2 previous replies
replied on July 16, 2018

Has the user been added to the trusted accounts for the repository?

0 0
replied on July 18, 2018

That's the problem. I can't add the SAML user to LFDS and hence add it as a trusted account for the repository.

0 0
replied on August 7, 2018

Hi Ian,

Could you please check if you have set correct access for this user in Azure portal? 

https://docs.microsoft.com/en-us/azure/active-directory/application-access-assignment-how-to-add-assignment

 

You should be able to add SAML user to LFDS manually, either one by one or by CSV import.

0 0
replied on July 11, 2019

Does anyone have the CSV format used to import a user list for SAML in LFDS?

0 0
replied on July 11, 2019

See the documentation.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Attachments
Related Posts
Loading ...