Couple issues with Import Agent service accounts in Cloud

posted on October 27, 2022

First issue is when creating service accounts for Import Agent is the email requirement. In on-prem an email is not required when creating a basic Laserfiche User but in Cloud it is now a requirement.

What happens is the user just enters their own email address and it says that email is already in use by another account, so they just have to enter a random invalid email.

The second issue is the need to use a Full license without any option to prevent logging in through the web. This is a security vulnerability. With on-prem no one can login through Web Client or by any other means besides using the Import Agent service itself making it a true service account. Now if the password was somehow leaked, someone could use it to download, delete and access the repository in many unintended ways. Even for clients that use 2 factor auth, the import agent account is still a single password vulnerability where it was not on an on-prem system.

1 0

replied on January 17, 2023

Hi Chad,

FYI, I have found, using a service principle account VS. a full user account addresses these concerns in Laserfiche Cloud.

1 0

replied on January 17, 2023

Yes, an official announcement should go out this week once we finish adding service principals to Starter plans as well. Higher tier plans have them included already.

0 0

replied on January 17, 2023

I did not know Starter was going to have this change, it will be in place by next week?

0 0

replied on January 17, 2023

Yes, that's the goal. Keep in mind that all other plan types can already use service principles with Import Agent, it's just that starter currently doesn't include any - hence adding the one.

2 0

Discussion

Discussion

Couple issues with Import Agent service accounts in Cloud

Comments 4

Follow-Ups 0

Sign in to reply to this post.