Hello all,
If anyone has successfully configured your claims to import SAML users into LFDS via AZURE SSO are you able to share your claims page?
Thank you,
Mark
I think I need to update this post, knowledge request. Their is good guidance on how to configure claims and I think I now have that done.
The core of my issue is I want users in groups selected in AZURE to be passed to LFDS as SAML Users and not be required to be manually or batch created. This is what I referred to for claim mapping from Laserfiche documentation
Hi Mark,
You're asking about user provisioning, which is technically unrelated to SAML claim mapping. For automatically provisioning SAML Users, you currently have one option, with a second soon to be available.
Option 1: Self-Registration, also known as "Just-in-Time Provisioning"
With automatic Self-Registration, users are automatically assigned a license upon first login. Has a current limitation that only one license type (e.g., Education or Full) can be assigned this way.
Option 2: System for Cross-domain Identity Management (SCIM)
SCIM is a provisioning API. An Identity Provider (like Azure AD) acting as a SCIM client can send a message to a SCIM server (like Laserfiche Directory Server) to register a user based on a triggering action (such as assigning a user to the app in Azure AD). More detailed flow described here: SCIM Overview
The SCIM API spec has two major versions: 1.1 and 2.0.
LFDS currently supports SCIM 1.1 (used by Okta).
Azure AD only supports SCIM 2.0.
The next release of LFDS, Version 11 Update 3, adds SCIM 2.0 support so you can use it with Azure AD. It should be available early May 2023.