Question

LF Cloud Single Sign-On configuration does not look correct to me, fields missing, extra fields not mentioned

asked on March 3, 2022

I am setting up Single Sign-On in cloud; however, this config webpage is missing the Endpoint field, the Certificates upload, and the Type drop-down list. It also has an additional required field that is not mentioned in the documentation.

Instructions are as follows

Source: https://doc.laserfiche.com/laserfiche.documentation/en-us/Default.htm#sso.htm?Highlight=ADFS

Without the Endpoint, Certificates, and Type fields, we cannot complete these directions.

Finally, the documentation makes no mention of what to enter in the required field SSO service URL.

 

0 0

Answer

SELECTED ANSWER
replied on March 3, 2022

The documentation is a little outdated. 

  1. SSO Service URL is indeed the updated label for Endpoint.
  2. Type has been removed.
  3. Once you save the initial SSO configuration, you'll be able to upload the certificates on the screen below the save/cancel buttons.

2 0
replied on March 3, 2022

Thank you, that worked. Could have never guessed.

0 0
replied on March 3, 2022

Thanks Kyle. We've notified the relevant team to update the documentation to reflect more recent changes in this config UI.

0 0
replied on March 8, 2022

Is it possible this setting is incorrect as well?

Should it be Name ID instead of UPN?

This was reported as an issue by IT

0 0
replied on March 8, 2022

Hi Chad,

That was a requirement for LF Cloud's original ADFS implementation. The requirement for UPN is no longer a requirement. You can set any claim you like as long as the correct attribute is also specified in SSO configuration for LF Cloud.

 

0 0
replied on March 8, 2022

Where is the SSO configuration for LF Cloud?

Is that this page? I don't see User-Principal-Name here, so maybe this is the wrong area. We configured the claims on the ADFS server; there is no mention of configuring anything in Cloud outside of the article below.

 

https://doc.laserfiche.com/laserfiche.documentation/en-us/Default.htm#ConfiguringSSO.htm%3FTocPath%3DAccount%2520Administration%7CConfiguring%2520Single%2520Sign-On%2520in%2520Laserfiche%2520Cloud%2520%7C_____0

0 0
replied on March 8, 2022

In the Identity Provider configuration screen, there is a field called User identifying attribute. By default it's set to NameID, so you should probably leave it as is if you are intending to use NameID. However, if for any reason NameID isn't sufficient, then you can set User identifying attribute to 'Use customized attribute'.

1 0
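The mismatch discussed in this thread (the IdP issuing a UPN claim while the service provider identifies users by NameID, or the reverse), shown as an added example that is not Laserfiche code and not part of any reply. It assumes a generic SAML 2.0 assertion; the sample assertions are constructed and unsigned, and `identifiers` and `resolve_user` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim type AD FS uses for User-Principal-Name.
UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"

def _assertion(subject_xml, attrs_xml):
    # Constructed, unsigned sample. A real SP validates the signature first.
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Subject>{subject_xml}</saml:Subject>"
        f"<saml:AttributeStatement>{attrs_xml}</saml:AttributeStatement>"
        "</saml:Assertion>"
    )

UPN_ATTR = (
    f'<saml:Attribute Name="{UPN}">'
    "<saml:AttributeValue>user@example.test</saml:AttributeValue>"
    "</saml:Attribute>"
)
# IdP claim rule issues only UPN as an attribute, no NameID in the Subject.
ONLY_UPN = _assertion("", UPN_ATTR)
# IdP claim rule issues a NameID as well.
WITH_NAMEID = _assertion("<saml:NameID>user@example.test</saml:NameID>", UPN_ATTR)

def identifiers(assertion_xml):
    """Map every user identifier the assertion carries to its value."""
    root = ET.fromstring(assertion_xml)
    found = {}
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is not None and (name_id.text or "").strip():
        found["NameID"] = name_id.text.strip()
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and (value.text or "").strip():
            found[attr.get("Name")] = value.text.strip()
    return found

def resolve_user(assertion_xml, identifying_attribute="NameID"):
    """Return the user identity the SP would read, or explain the mismatch."""
    found = identifiers(assertion_xml)
    if identifying_attribute not in found:
        raise LookupError(
            f"SP expects {identifying_attribute!r}; "
            f"assertion carries {sorted(found)}"
        )
    return found[identifying_attribute]
```

Running `identifiers` over an assertion captured during a failed login shows which claim the IdP actually sent, which is the value to compare against the User identifying attribute setting.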
replied on March 8, 2022

I see, there was no mention of any of these advanced fields in the documentation.

Also by having us set it to UPN instead of the default NameID, it caused the users to get a wild error when logging in and prevented them being able to get into the system with no clear method to resolve.

Isn't doc.laserfiche.com the place we get the most updated documentation? Why are we working with outdated documentation on what, to me, is a brand new feature? This is the first time I have used anything other than Kerberos or LDAP to join LF to a Windows domain.

1 0
replied on March 8, 2022

As I noted earlier, "We've notified the relevant team to update the documentation to reflect more recent changes in this config UI."

There was until recently someone on the User Education team (responsible for web documentation) dedicated to covering ACS/LFDS. They left, and the rest of the UE team is covering that gap the best they can while we work to fill the position. 

1 1
replied on March 8, 2022

Ok, thank you. It is one thing if a website or documentation mentioned technical jargon here and there that I might not be familiar with; I can research it. But this system has so many wild jargon words in it that it might take a month to look up what they all mean.

So we can only follow the documentation to the T and hope it knows what it is talking about while every other word sounds like something out of a sci-fi novel.

In the LDAP configuration of on-prem it was much more straightforward. We have server name, port, credentials. All terminology we work with on a regular basis.

1 0

Replies

replied on March 11, 2022

For future reference, the page that you were going off of should have been removed from the online docs. The newer settings are documented in the following section: https://doc.laserfiche.com/laserfiche.documentation/en-us/Default.htm#ConfiguringSSO.htm%3FTocPath%3DAccount%2520Administration%7CConfiguring%2520Single%2520Sign-On%2520in%2520Laserfiche%2520Cloud%2520%7C_____0

1 0