You are viewing limited content. For full access, please sign in.

Question

Question

Azure Groups and Repository Security

Laserfiche Security
Updated July 23
asked on April 20, 2023

Hi All,

 

I'm sure this has been asked before but I can't find the original post now.

 

When are Laserfiche planning on adding support for Azure AD Groups to be used within the repository to set access rights (the same as on-premise AD groups)?

 

Thanks and Regards

Chris Douglas

0 0

Answer

SELECTED ANSWER
replied on April 20, 2023 Show version history

Hi Chris,

The way Azure AD works is pretty different from on-prem Active Directory, so we have to approach the problem differently, but there is a solution currently available.

Specifically, you can put a SAML group, such as an Azure AD group, in a Directory Server (LFDS) group, and then use that Directory Server group in places like the repository and Forms, e.g., to trust the group for login to the repository. 

Currently, Laserfiche cannot see all group members the same way it does for, say, AD group sync in LFDS, but we are investigating how to improve group support for SAML generally (e.g., Okta and OneLogin in addition to Azure AD), and group membership is calculated on log in so it's up-to-date.

1 0
replied on April 20, 2023

Thanks Brianna,

 

A roundabout way but something I can certainly test. Any issues I'll come back to you. 

 

Thanks!

Chris Douglas

0 0

Replies

replied on July 23

Hi Chris,

Federated group support for repository security is already available on LF Cloud, and the issue was addressed during our recent call.

Please feel free to reach out if you have any further questions or suggestions.

1 0
replied on May 2, 2024

A year on and we're still getting asked for this one. Is there any update on this please? Cheers!

0 0
replied on May 2, 2024 Show version history

Actually, yes! apologies for not updating this post.

The most recent release of LFDS (April 2024) included SCIM sync for groups, in addition to users.

This means that the SAML group membership, including group name and all members, can now be automatically synced over to LFDS and from there it is available to all Laserfiche applications.

It does require use of SCIM for synchronizing your Entra ID/Azure AD identity provider to LFDS. There is a video underway to explain this in more detail.

0 0
replied on May 3, 2024

Thanks Brianna, I look forward to the video!

0 0
replied on June 24

Hi All,

 

Just circling back to this.

 

When will federated groups be able to support repository security?

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...