Question

Laserfiche Cloud SSO - Federated ID

asked on January 12, 2021

Hi everyone!

 

I just have a question to more or less confirm we are correct.  What exactly is the Federated ID that Laserfiche is referring to when enabling SSO for a user in Laserfiche Cloud?  The help file section below states that this is set in your identity provider's page.  But the client and I were not sure where this was located or perhaps it is under a different name.  If it helps or matters, this client is using Okta for their SSO.  Thank you for any clarification you can provide!

 

Once Enable Single Sign-On is checked, the Federated ID field will appear. This is set in your identity provider's page.

 

0 0

Answer

SELECTED ANSWER
replied on January 12, 2021

Hi Mike,

The Federated ID or Identifier the system is looking for is the unique user identifier used to identify the user within your Identity Provider. This is typically the user name or email address associated with the user. For Azure AD, the default identifier is the user.userprincipalname. It could also be set up to be the user.mail, or the email address. For numerous IDPs we've tested, the email address is used as the unique identifier, so the value you would need to fill in the Federated ID field is the user's email address. Hopefully this clears up any confusion.

 

Thanks,

Shawn

0 0
replied on September 23, 2024

This makes it more confusing. I am in Entra ID right now and I have no way of knowing if the federated ID is the user.userprincipalname, or the user.mail or the email address.

There needs to be much more clarity here than "your identity provider's page", which page, where?

0 0
replied on September 23, 2024

Laserfiche Cloud > Account Administration tells you it's configured to use the default NameID attribute for the Federated Identity mapping (unless you've configured it to use a custom claim/attribute):

The Entra SAML "Attributes & Claims" interface shows the configured claims. Name ID is the first claim on the page and appears automatically since it's required. Entra uses the user.userprincipalname source attribute for the Name ID claim value by default, though you can change it.

----

1 0
replied on September 24, 2024

I would have never noticed this but good to know when I come back to this post in the future. The User identifying attribute does not say anything about being related to the Federated ID.

It would help if it said that it was the Federated ID source here and it should probably be moved out of advanced options since you will need to know this when you go to create user accounts on the final step of the documentation.

In the documentation as well we read the optional guide for each advanced feature and it did not mention a correlation between Federated ID and this field configuration

I no longer have access to the Entra interface but I wonder if we could have seen that NameID was the value we were looking for yesterday.

Instead we just kept trying the 3 different options mentioned by Shawn until it let us log in and we found it was the email address.

As much clarity as possible is helpful here with all the terminology being thrown at us while configuring this.

1 0
