User self-registration
System administrators can allow users to self-register an account in the FileHold system. This allows users to register themselves in FileHold without administrator intervention. These users enter their full name, user name, and, optionally, other contact details. Self-registered users are considered local (locally managed) users and are managed as such after they have created an account. They can be set up to use either a locally managed password or an external identity provider (IdP). An administrator can set self-registration to use a locally managed password or an IdP, but not both.
Self-registered users with a locally managed password are placed into a FileHold group determined in the configuration. Generally this group will have minimal permissions. The administrator then re-assigns these users to an appropriate group that provides them with the access they need.
For local users using an external identity provider, the users do not need to be added to a temporary group, so the group setting can be left blank. External identity provider users are added to FileHold using the group, if any, set in the self-registration settings, plus any groups stored in their role or group claims on their IdP, such as Azure Active Directory profile roles.
Role or group claims must follow a pattern in order to be used to assign a user to a FileHold group. The general pattern is FileHoldGroup.<name-or-guid>, where <name-or-guid> is the name of a FileHold group or the group's internal GUID. Group GUIDs can be found using the FHIT tool. For example, a user could be assigned to the "Finance" group with a role or group claim of FileHoldGroup.Finance.
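The following is an added example, not FileHold code: a sketch of how an administrator could audit IdP role or group claims against the FileHoldGroup.<name-or-guid> pattern to see which groups a first sign-in would grant. The exact, case-sensitive prefix match, the sample users, the GUID and the "sensitive" group list are assumptions constructed for illustration.

```python
import uuid

PREFIX = "FileHoldGroup."  # pattern from the page: FileHoldGroup.<name-or-guid>

def parse_claim(value):
    """Return ("guid", canonical) or ("name", name) for a matching claim, else None."""
    # Assumption: the prefix is matched exactly and case-sensitively.
    if not value.startswith(PREFIX):
        return None
    target = value[len(PREFIX):].strip()
    if not target:
        return None  # a bare "FileHoldGroup." names no group
    try:
        return ("guid", str(uuid.UUID(target)))  # normalise braces and case
    except ValueError:
        return ("name", target)

def effective_groups(claims, default_group=None):
    """Groups a new IdP user would receive: configured group (if any) plus claim groups."""
    groups = [("name", default_group)] if default_group else []
    for claim in claims:
        parsed = parse_claim(claim)
        if parsed and parsed not in groups:
            groups.append(parsed)
    return groups

def audit(users, default_group, sensitive):
    """Map each user to the sensitive groups their first sign-in would grant."""
    findings = {}
    for user, claims in users.items():
        hits = [g for g in effective_groups(claims, default_group) if g[1] in sensitive]
        if hits:
            findings[user] = hits
    return findings

# Constructed sample data: users, claims, GUID and group names are illustrative only.
SAMPLE_USERS = {
    "alice": ["FileHoldGroup.Finance", "Reader"],
    "bob": ["Reader", "filegroup.Finance", "FileHoldGroup."],
    "carol": ["FileHoldGroup.{3F2504E0-4F89-11D3-9A0C-0305E82C3301}"],
}
SENSITIVE = {"Finance", "3f2504e0-4f89-11d3-9a0c-0305e82c3301"}

if __name__ == "__main__":
    for user, hits in audit(SAMPLE_USERS, None, SENSITIVE).items():
        print(user, "->", hits)
```

Running a check like this against an export of IdP role assignments before enabling the "Using external identity provider" option shows which accounts would arrive with more than minimal access.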
The following are reasons for allowing self-registered accounts:
- Most or all users for an Azure tenant will be FileHold users and the administrator wishes to minimize manual setup.
- The system is being deployed for the general public and user registration needs to be self-serve.
- The system is being used by an organization that does not have or plan to use Active Directory to manage the users. This provides access while limiting administrator burden to create user accounts.
- The system is occasionally accessed by casual users who may only log on a few times per year. On-demand access can be provided for these users who may spontaneously decide to access the system.
To set up self-registered users
- Go to Administration Panel > System Management > User Management > Groups.
- Create a new group for the self-registered users if required. A group is required for users registering with a locally managed password.
- Go to Administration Panel > System Configuration > Security > Self-Registration.
- Select one of the following:
  - Using local password
  - Using external identity provider
- Select the FileHold Group to apply to the self-registered users. This field is required if you selected "Using local password".
- Click .
If you choose the "Using local password" option, a Register as a new user link will be visible on the logon page of the Web Client. You cannot self-register from the FileHold Desktop Application (FDA).
If you choose the "Using external identity provider" option, your users just need to log in normally. The registration process is completely transparent.
To register as a local user
- From the Web Client logon page, do one of the following:
  - For local password users, click on the Register as a new user link. The User Self Registration page opens. Complete all required fields and click Register.
  - For external identity provider users, sign in using the configured method (such as Azure AD).
- You will be automatically logged on to the Library with the access rights of the default group to which you were assigned.