You are viewing limited content. For full access, please sign in.

Question

Question

LFDS Laserfiche User to SAML

Administration
Updated November 18, 2020
asked on August 18, 2020

We have a situation where a client has around 1,000 Laserfiche accounts setup in LFDS. They would like to switch to using SAML instead. Is there any way to link or switch the Laserfiche accounts in LFDS to the SAML accounts so they retain access rights, histories, etc.?

1 0

Replies

replied on August 19, 2020

Hi Blake,

Unfortunately, there is no utility or API call you can use to make this transition directly. The only way to update tasks and security requires caution and backups, since it's to directly update user SIDS in the Forms and the Laserfiche Server SQL databases.

You could:

  • Backup all databases
  • Export the current user list, which will include their SIDS
  • Use this to make a file for uploading SAML users in bulk
  • Export the SAML user list after upload
  • Merge the two to make a mapping reference for the SIDs
  • Update all instances of those SIDs in the Laserfiche Server and in Forms

 

It's on our radar that customers want to migrate to SAML, but it's not on the roadmap yet. I'll add a link to this post.

1 0
replied on November 18, 2020

In a related scenario, is there a migration utility to move LFDS Laserfiche accounts to LFDS Windows accounts?  I have a client with 122 LFDS LF accounts (Full and Participant) that need to be switched to LFDS Windows accounts. Would it have to be done manually?

 

Should we stop all new Forms processes from being started, during the migration?

0 0
replied on November 18, 2020

The same general applies: there is no utility or built-in method to do this and if you choose to script this yourself, you must directly modify the SQL databases for Forms and LFS, and you must create a mapping of old SIDs to new SIDS to use with this database modification.
 

The fact that you want to create Windows users does affect how best to do handle the LFDS portion, since LFDS does not currently support importing a list of Windows users. You can write a custom script to create the users (documentation in the LFDS SDK covers adding and licensing Windows users), and potentially even use a custom script to generate the SID mapping for you.

 

For more information on precautions you should take, you can look at the Account Migration utility that moved repository users to Laserfiche users: https://support.laserfiche.com/kb/1014036/laserfiche-account-migration-tool

In addition to backing up as mentioned above:

  • Laserfiche Server should be turned OFF during the migration
  • Forms server should be turned OFF during the migration
  • If all instances of a SID are properly replaced in Forms and Forms is turned off as recommended, Forms instances that were in progress should be able to resume with the newly created user, since they are associated with the user's SID
0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...