


Synchronize claims through SAML to LFDS

asked on November 7, 2019

We are now setting up the Laserfiche environment for our upcoming work. We are using SAML from Azure AD for authentication. We have already defined extra claims (such as employee ID) in Azure AD, but we have no idea how to synchronize these extra claims to LFDS, as creating "Other Claims" in LFDS under Identity Provider does not seem to work.

Furthermore, it seems that other defined claims (such as E-mail) are only synchronized when the user logs in to LF. Is it possible to synchronize this information even if the user has never logged in? We need to use the email to send alerts in our business process.




replied on November 11, 2019

Hi John,

To address your first question, those custom claims will be added to the token that LFDS generates when the user logs in to an end application. Those claims will not be visible in the LFDS UI.

With regards to your second question, this behavior is due to how SAML works. The SAML provider needs the user to authenticate before handing over the information it has on the user.

replied on November 11, 2019

Thanks.  But how can I access those "Other Claims" defined in the identity provider?  

Tried to check for the table "additional_claims" but no hope.


replied on November 12, 2019

Whenever a user signs in, you will find those claims passed in their LFDS token. We do not currently store those values anywhere.

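Since the claims are only delivered at sign-in and are not stored, one way to confirm that Azure AD is actually emitting them is to inspect a captured SAML response. The following is an added example, not part of the original thread and not Laserfiche code; it reads the identity provider's SAML response rather than the LFDS token, and the function names, the `employeeid` claim name and the sample values are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned SAML response with two attributes.
# "employeeid" is a placeholder for whatever claim name the tenant defines.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="employeeid">
        <saml:AttributeValue>E12345</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def list_claims(saml_response_b64):
    """Return {claim name: [values]} from a base64 SAMLResponse (HTTP-POST binding).

    Troubleshooting aid only: the signature is not verified, so the output
    must never be used for an access decision.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    # Refuse DTDs so a pasted capture cannot trigger entity expansion.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_bytes)
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; attributes are not readable")
    claims = {}
    path = ".//saml:Assertion/saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def missing_claims(claims, expected):
    """Names from `expected` that the IdP did not send, or sent empty."""
    return [name for name in expected if not any(claims.get(name, []))]


if __name__ == "__main__":
    found = list_claims(SAMPLE_B64)
    print(found, missing_claims(found, ["employeeid", "department"]))
```
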