Does LF support (2 Factor authentication)?
Question
Does LF support (2 Factor authentication)?
Replies
We are investigating built-in options for multi-factor authentication (MFA), so it would be very helpful if you could share details about what you need from a two-factor authentication system.
In particular:
- What type of users are in the systems that need two-factor authentication (Windows, LDAP, SAML, Laserfiche users)?
- Is there a specific method for two-factor authentication that is required or preferred? (e.g., virtual MFA application, physical one-time password (OTP) generators, SmartCards, fingerprint scanner on a phone...)
While Laserfiche does not have our own multi-factor authentication for on-premises software (Directory Server, Laserfiche Server), some of our authentication options support MFA:
- If you are using Windows Active Directory, you can set up AD FS for authentication and configure MFA for AD FS.
- If you are using a SAML provider that always requires MFA, users should be prompted for MFA login by the SAML provider, as they would with any application using the SAML provider.
Note: Laserfiche Cloud does support MFA through virtual MFA token applications such as Google Authenticator.
Hi Brianna,
With regards to Supported Authentication Options for MFA, is there a configuration document available from Laserfiche?
We would like to get the support of the MFA feature in Laserfiche through ADFS or SAML providers, mainly for Laserfiche Web Access and Laserfiche Mobile.
Can you provide more information on this?
If you are using AD FS or SAML, both options support MFA themselves. That is, you should be setting up MFA within AD FS or SAML, not within Laserfiche --- as such, the best resource for configuration is your SAML provider, your intended MFA provider (such as Duo) or AD FS documentation.
If you are on 10.4, both Mobile and Web Access support SAML authentication via LFDS login, and thus both support SAML with MFA.
LFDS/Laserfiche has no knowledge of whether or not SAML or AD FS is configured to use MFA, since that part of the authentication is handled entirely by AD FS/your SAML provider. As such, there is no additional Laserfiche configuration involved if you choose to use MFA through SAML or AD FS.
If you'd like information on configuring LFDS to use AD FS or SAML, we have several whitepapers, such as https://support.laserfiche.com/resources/3921/configuring-directory-server-10-3-for-saml-authentication-with-okta
Hi Saifudeen,
Sadly at this point in time, no.
Laserfiche 10.4.2 (Scheduled for December 2019)
This on-premises release includes LFDS updates to better address enterprise-level deployment and user licensing needs, including support for configuring Laserfiche for private Azure or AWS cloud systems, just-in-time user provisioning for SAML/AD users, expanded LFDS audit reporting, and multi-factor authentication for LFDS users. In addition, Laserfiche Forms will include new out-of-the-box insights reports to better identify process bottlenecks and inefficiencies, as well as expanded options to troubleshoot errors for in-progress processes.
Do you have documentation on how to implement just-in-time (JIT) provisioning for SAML users? This would be very helpful in my environment.
We have just-in-time provisioning for SAML, though the feature is part of an add-on for Rio systems (rather than included for all Rio).
Documentation is here: https://www.laserfiche.com/support/webhelp/Laserfiche/10/en-US/administration/#../Subsystems/LFDS/Content/self-registration.htm
You can talk to your solution provider about the add-on if this feature looks like it would meet your needs for JIT provisioning.
If it doesn't look like what you expect for JIT, I'd like to hear more about your use case so we can consider it in the future.
Brianna,
I don't see this option available in LFDS version 10.4.4.444. Is this available for a specific license? Our client has Rio.
Regards
As noted, the JIT provisioning is an add-on for Rio systems.
Since this is a subscription-based add-on (even if the customer's system is perpetual), it is listed under the subscription pricelist.
See the announcement in the SP group or channel news email for more details and links to resources for Solution Providers.