
Question

Change Identity Provider info in registered user

asked on September 19, 2021

I accidentally created a few Identity Providers from the same AD.

A number of users have been registered from these IdPs.

I'm planning to consolidate into one IdP and delete the other IdPs, but when I try to do that, it asks if I want to delete all users that were registered under that IdP.

Since all the IdPs are basically connected to the same AD, how can I delete all the IdPs I don't want but keep the users at the same time?

Hoping anyone knows?

0 0

Answer

SELECTED ANSWER
replied on September 20, 2021

Hi Mohd,

I recommend adding Active Directory synchronization rules to the identity provider you would like to keep that will cover all of the users added in the other identity providers. If you delete the other identity providers and their users, you can sync the deleted users back into LFDS under the correct identity provider. Be sure to back up LFDS's database beforehand just in case.

This should not affect the users' data in other applications because they are identified by their AD SID which will remain the same. Make sure that you did not add any AD users directly to LFDS groups, and if you did, add an applicable AD group that they belong to to the LFDS group instead so they inherit access and don't need to be re-added to the LFDS group.

0 0
replied on September 20, 2021

Hi Chase,

Thanks for the suggestion.

"and if you did, add an applicable AD group that they belong to to the LFDS group instead". Do you mean I need to create an AD group in Admin Console and then assign this group to the LFDS group?

0 0
replied on September 21, 2021

No, I'm referring to a group created within your Active Directory domain. It's a recommended practice to add Active Directory groups to LFDS groups for user management instead of adding each individual user to the LFDS group, so you don't need to worry about adding and removing users when they enter and leave the AD group.

For example, you could create a group in Active Directory called "Laserfiche Access" and add any users in AD that you want to access Laserfiche. You then could sync these users into LFDS by adding an AD sync rule for "Laserfiche Access". Finally, you would create an LFDS group titled something like "myLfdsGroup" and add the AD group "Laserfiche Access" to it. Now when a user gets added to "Laserfiche Access" in Active Directory, they will be synced into LFDS and granted inheritance to "myLfdsGroup" automatically. From there, just set "myLfdsGroup" as a trusted group in whichever end application you are configuring.

0 0
replied on September 21, 2021

Ah, I got you. Thanks for the clarification. 

1 0
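The two checks implied by the answer above (every affected user is covered by the sync rule's AD group, and no affected user relies on direct LFDS group membership), as an added PowerShell example that is not part of the original thread or of Laserfiche's own tooling. The user names, SIDs and record shapes are constructed sample data and assumptions; how these lists are obtained from LFDS is not shown on this page.

```powershell
# Pre-deletion check for consolidating identity providers (added example).
# All data below is constructed; the record shapes are assumptions,
# not an LFDS export format.

# Users registered under the identity providers that will be deleted.
$usersToMigrate = @(
    [pscustomobject]@{ Name = 'alice'; Sid = 'S-1-5-21-1111111111-2222222222-3333333333-1104' }
    [pscustomobject]@{ Name = 'bob';   Sid = 'S-1-5-21-1111111111-2222222222-3333333333-1105' }
    [pscustomobject]@{ Name = 'carol'; Sid = 'S-1-5-21-1111111111-2222222222-3333333333-1106' }
)

# SIDs in the AD group named by the sync rule on the identity provider being kept.
# On a domain-joined machine with the ActiveDirectory module this can come from:
#   (Get-ADGroupMember -Identity 'Laserfiche Access' -Recursive).SID.Value
$syncGroupSids = @(
    'S-1-5-21-1111111111-2222222222-3333333333-1104'
    'S-1-5-21-1111111111-2222222222-3333333333-1105'
)

# AD users that were added directly to an LFDS group (LFDS group name -> SIDs).
$directLfdsMembers = @{
    'myLfdsGroup' = @('S-1-5-21-1111111111-2222222222-3333333333-1105')
}

function Test-IdpConsolidation {
    param($Users, [string[]]$SyncGroupSids, [hashtable]$DirectMembers)
    $covered = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$SyncGroupSids, [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($u in $Users) {
        # LFDS groups that list this user individually rather than via an AD group.
        $groups = @($DirectMembers.Keys | Where-Object { $DirectMembers[$_] -contains $u.Sid })
        [pscustomobject]@{
            Name              = $u.Name
            Sid               = $u.Sid
            CoveredBySyncRule = $covered.Contains($u.Sid)   # false: will not be re-synced
            DirectLfdsGroups  = $groups -join ', '          # non-empty: access is not inherited
        }
    }
}

$report = Test-IdpConsolidation -Users $usersToMigrate -SyncGroupSids $syncGroupSids `
                                -DirectMembers $directLfdsMembers
$report | Format-Table -AutoSize

$blockers = @($report | Where-Object { -not $_.CoveredBySyncRule -or $_.DirectLfdsGroups })
if ($blockers.Count) {
    Write-Warning "$($blockers.Count) user(s) need attention before the extra identity providers are deleted."
}
```

With the sample data, carol is flagged because she is outside the sync group, and bob is flagged because his "myLfdsGroup" membership is direct rather than inherited through an AD group.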
