Change LFDS Group license synced from AD group for Forms Access

asked on July 1, 2021

Currently, we import users from AD based on two groups, one for named users and one for participant users. That works great. We have a group configured that gives access to our Forms which works for all users that are specifically added to the group.

Lets say Group A in Active Directory is set to import into LFDS with a full license while Group B in AD imports as forms authenticated participants. That syncs to LFDS and all of the users show up and are given the proper permissions. Now if I go over to LFDS Groups and make a group and add just the AD Groups , Group A + Group B, they show as having None license types in the group and no one can see laserfiche forms. I can't change that license type for the group. Even after going to Forms configuration and adding the group to User Authentication, no access is given to users of those two AD Groups. If I take the specific user added during the earlier import and add them specifically to the same LFDS group, then they show up during a User Sync in Laserfiche forms. They can then use the forms. Feels like the AD Group sync isn't passing through who is in the group or I'm missing something in everything.

Is there a way for me to automate the forms access for these two AD groups or do I have to manually maintain and add/remove the access through the group in LFDS individually?

The users login to Laserfiche forms using the Automatic login method. Sorry if this is confusing, I'm trying to wrap my own head around LFDS. I really don't want to have to maintain two entirely different groups for the same departments, one in AD and one in LFDS. Can this be avoided?

0 0

SELECTED ANSWER

replied on July 1, 2021

You are correct that the users will not be sync'd through to the Forms list if they are inheriting access via AD group (your setup), but they should still be able to access Forms. They will appear in the Forms user list after first login.

The way it works is like Window users in the repository, if you're familiar with that. You can add a Windows group to a repository group, and the individual Windows users do not appear in the repository administration console until they have logged in to the repository.

There are some versions of Forms where the users will show as invalid in Forms between syncs, but it should not affect their ability to gain access.

When you grant permission via AD groups within LFDS groups, Forms checks their access on login, rather than pre-populating the user list.

0 0

replied on July 1, 2021

Thanks for that. I always went by what was showing in the licensing window after the sync in Forms. It would mark them as invalid accounts, so I stopped there. Once I logged in to an account marked as invalid, it still gave me access and then it removed the invalid flag off the account, and I could add it to workflows once again.

1 0

replied on August 24, 2021

Brianna - Do you know what version the 'invalid' during sync issue was resolved? You are correct that they can still login, however since they are invalid Forms is not able to route documents to the users and so have to be re-assigned constantly.

0 0

Question

Question

Change LFDS Group license synced from AD group for Forms Access

Answer

Replies

Sign in to reply to this post.