We have been using Laserfiche Accounts since beginning use of Laserfiche here at our Agency. While I was looking at this new Q&A module I ran into another response to a question on this site where it was stated in a response "The Account Conversion utility that you are referencing is designed to help admins transition from Laserfiche users to domain accounts which, in most cases, is highly recommended." Why is it highly recommended? What are the advantages and disadvantages?
Why are the Domain Accounts highly recommended instead of using Laserfiche Users in Laserfiche?
Mostly ease of administration. If you already have an active directory, your users already have an account and a password and a policy for changing those passwords regularly in place. So why make them remember another login and password? It's also easier to deal with users leaving your company. Just lock their Windows account and their LF access is also revoked.
If you have multiple repositories, LF accounts need to be set as named users for each repository, where a Windows account only needs to be set as named user per server.
For LF Rio, where the License Manager deals with named users, Windows users can be automatically synchronized with active directory. So just creating a domain account for a new employee and putting them in the right Windows group will give them the correct access to LF without any extra work.
For Workflow purposes, Windows users are easier to use too since WF can read their email address and other properties (such as first, last name, title or manager) directly from Active Directory. Laserfiche users have to be individually configured with an email and other properties.
If you started with Laserfiche prior to LF7, LF accounts were the only option for authentication. There is nothing inherently wrong with that setup.
It really depends on your use case.
- less overhead of managing users
- users can utilize their existing credential to login and not have to remember another set of usernames and passwords
- can utilized active directory groups
- ability to use digital signatures
- ability to access user's info provided in active directory such as e-mail, manager, user folder, etc for workflow to use
Laserfiche Trustee Account
- has ability to link one or more domain accounts
- user can access their account from machines that are not part of the network where the server resides. For example, connecting to web access server from outside of network where you don't have access to your domain account
- users can still access Laserfiche if there are any issues with domain accounts or active directory in general
Here at the City of Newport Beach we found it easier to create Groups in Active Directory then add the users to the groups. Using Laserfiche Admin Console I added the A/D Groups and set up the security. So in the future when I need to add more users I only have to use Windows Active Directory. Then the users will be able to launch Weblink or WebAccess and have the right security.