In FileHold, users can be added and managed locally or users that exist in a Windows domain can be added locally and managed from the domain.
- When users are managed in the domain, information about a user is updated in one place, the active directory administration, and changes can automatically affect any systems that use that central information. With respect to FileHold, this allows for things like name, title, or other contact details for the user to be automatically updated.
- Users can be quickly added to FileHold directly from the domain via a pre-configured domain group or a user's permissions with FileHold objects can be updated by adding or removing them from a domain group.
- If a user is disabled in the domain they will be immediately prevented from logging into FileHold.
- Integrated Windows Authentication (IWA), also know as single sign on, can be used by domain users to bypass re-entering their user id and password after they have logged into their Windows workstation.
Domain users can only be added when the active directory synchronization option has been licensed. Contact [email protected] to purchase this option.
Manually adding a domain user or domain group to FileHold
Complete the following steps to add an active directory domain managed user or group as a FileHold object.
You will only be able to add a domain object to FileHold after that domain has been synchronized with FileHold. After the initial synchronization the domain will be checked every hour for changes by default. Users' login credentials are not synchronized with FileHold, they are always requested in real time when a user logs in to FileHold.
To add a domain user or group to FileHold
In the Web Client, go to Administration > System Management > User Management > Users and click Add User(s).
- Alternatively, in FDA, log in with System Administrator rights and go to Administration > User Management > Users.
- For FileHold 16.0 and higher versions, click Add .
- For FileHold 15.2.1 and lower versions, click Add User(s).
Select Add a user(s) or group(s) from a domain/directory server and select the domain name from the list.
Select the check boxes for the users or groups you want to add and click Add.
To search for a domain user or group in the list, enter the name in the search field and click Search.
The icon for domain users is a single person and the icon for a group is two people.
In the Add Domain Group Options, select one of the following and click OK:
Add the group and the group members. Keep both synchronized with the domain. See using domain groups to automatically add and set permissions for users for more information.
Add just the group members and do not add the group. Only the user accounts will still be synchronized with the domain.
At the Add User(s) and Group(s) Confirmation, click OK.
Continue to add more users and groups to FileHold.
To return to the user list, click Back to the User List.
To set viewer, guaranteed access, scanning inbox (Web Cap) licenses, and multi-factor authentication exclusions, select Properties next to the user name and go to Account Settings. See Creating Locally Managed Users for more information.
When you add a user from the domain they are always added as a full user. If you want them to be a limited user you can make the change after they have been added.
Domain groups have a special purpose after they are added to FileHold. They are managed in the FileHold users list as for any user, but they do not take a FileHold license and no one can login using the user id (group name). When adding the domain group and choosing the option to keep the group synchronized, the domain group becomes a proxy for all domain users in the domain group. This means you can add the domain group to a FileHold group and automatically grant all domain users in the domain group the same permissions in FileHold. Likewise, removing them from the domain group will remove the associated permissions in FileHold.
Existing FileHold domain users will be automatically associated with a domain group that is added to FileHold when they are already members of that domain group. For example, you might manually add domain user "jessica" to FileHold and manually add her to a FileHold group called Accounting giving her access to the accounting documents. Later, you might manually add a domain group called "HumanResources" to FileHold and add that group to the FileHold Human Resources group giving all users associated with that group permission to the human resources documents. If the user "jessica" already belongs to the "HumanResources" domain group, she will automatically have access to the human resources documents in FileHold.
If a domain group has been added to FileHold and a user is added to that domain group in the active directory management, that user will automatically be added as a FileHold user. If they are removed from the domain group they will not be removed from FileHold, but their permissions associated with the domain group will be removed in FileHold. A user must be disabled in the domain for them to be automatically disabled in FileHold. This is an option set via Administration panel > System configuration > Settings > General. Users will never be automatically deleted in FileHold regardless of how they are added.
Using multiple domains
There is no specific limit to the number of domains that can be synchronized with FileHold. A single OU must be chosen when the domain is setup to be synchronized with FileHold. This will be the top of the domain tree that will be visible when adding users. For very large domains it is recommended that an OU be setup to limit the number of users to those that are likely to be used in FileHold. Very large domains may require more than an hour to synchronize depending on network and server performance and it is unlikely that hundreds of thousands of domain objects will need to be synchronized with any one FileHold system.
A single domain can be chose as the default domain during login.