You are viewing limited content. For full access, please sign in.

Question

Question

Making Forms External

asked on August 4

Is there some documentation on how to make an internal Form accessible on the external server?  I have Forms on my internal and external server.

I have a form that requires Director and CM approval and they would like to be able to approve or deny when they are out of the office.

Thank you in advance!

0 0

Replies

replied on August 4

Install your Public license on the external server, then while logged into either server go to Access Rights and an option to make the form public will be shown. So you can continue to maintain your processes from the internal server, but the public processes will only work on the external server.

If you are allowing users to login to the external server to perform tasks, there may not be any advantage to having an internal server any longer and you might want to consolidate.

Usually an internal / external server setup requires a VPN for user tasks and the external server only acccepts public submissions.

2 0
replied on August 4

If you have an instance of Forms accessible in your DMZ (with the routing service turned off and pointed at the same database as the internal site) then your users could log in using their network credentials even without VPN.

For example,

https://forms.yourdomain.com/forms

Then, assuming they're using Windows Authentication, they would log in with "domain\username" and their Windows password.

Basically, if you already have an external Forms instance, you shouldn't have to do anything special to let them access their user tasks; the only difference would be SSO vs manual login.

2 0
replied on August 5 Show version history

Nicholas,

You might run this scenario by your IT security team (or whoever is responsible for cybersecurity at your org). If various higher-ups need access to authenticated network resources, from a security perspective it's almost certainly better to have IT get them set up with an always-on VPN than to publicly expose a Laserfiche login page where attackers are free to attempt credential stuffing attacks.

The only real "safe" way to do a publicly exposed Laserfiche login page that needs to support AD user logins is to set up federated authentication with a SAML provider like Azure AD or Okta that requires multi-factor authentication (MFA), configuring that in Laserfiche Directory Server as a Linked Provider, and setting up a separate public-facing LFDSSTS instance that only allows authentication through the federated identity provider with MFA.

It's rather involved and Laserfiche-specific. An always-on VPN for the managers addresses the general case.

2 0
You are not allowed to follow up in this post.

Sign in to reply to this post.