Allow AD or LDAP Users to Create a New Account

Administrators can customize how new user accounts are created. 

In these scenarios you are allowing AD or LDAP users to create a new FileCloud user account in one of the following ways:

  • Admins want FileCloud to automatically create a new FileCloud account for their Active Directory or LDAP Users on First Login

  • Active Directory or LDAP Users create a new FileCloud account different from their AD or LDAP credentials

The settings that you use to configure this scenario are described in Table1.

SettingOptionsDescription
New Account

ENABLED = opens a window for the user to type in new account information

DISABLED = opens a window explaining that User Account Creation is not allowed

This setting determines the behavior of the New Account button on the User Portal Login page.

If enabled, this setting works with two other settings to determine authentication and approval permissions:

  • Allow Account Signups
  • Automatic Account Approval

Allow Account Signups

Specifies if a user can or cannot create an new FileCloud user account by choosing:

  • DEFAULT
  • TRUE
  • FALSE

Can Create an Account

Prerequisite: New Account  = Enabled

DEFAULT = Local user authentication is allowed

  • Active Directory authentication allowed
  • LDAP authentication allowed


TRUE = Local user can create their own account

Cannot Create an Account

FALSE = Local user cannot create their own account

  • If the New Account button is enabled, and the user clicks it, they can fill out the fields on the form. However, when they try to submit the information they will get an error that new account creation is not allowed.

This setting controls if the user can create a new account. By default, the account is disabled until an administrator approves it. If you want the account to be automatically approved, use the Automatic Account Approval settings.

Do I choose DEFAULT or TRUE?

DEFAULT

  • If you are using AD or LDAP Authentication.
  • After you import AD or LDAP user accounts into FileCloud, tell your users to log in using their AD or LDAP credentials.

TRUE

  • You want to allow your users to create their own user accounts. By default, the account is disabled until an Administrator approves it.

Automatic Account Approval

(Default) 0 = The account created by the user is DISABLED by default. It requires Admin approval to assign FULL or GUEST access to the account.

1 = The new user account is automatically approved with FULL access.

2 = The new user account is automatically approved with GUEST access.

3 = The new user account is automatically approved with EXTERNAL access.

Prerequisites:

  • New Account = ENABLED
  • Allow Account Signups = DEFAULT or TRUE

This setting works with the Allow Account Signups setting to determine:

  • If the account created by the user is disabled until the Administrator approves it
  • If the account is approved with a specific level of access automatically without intervention from the Administrator.

(lightbulb)  For smaller organizations or high security sites, you can configure this option so that when a user creates a new account it is disabled until it is approved by the administrator.

(lightbulb)  For larger organizations, it might not be practical to have the administrator approve every account created and so you can use the automatic account approval settings.


The scenarios where a user can create a new FileCloud account are described in Table 3.

Admins want FileCloud to automatically create a new FileCloud account

for their Active Directory or LDAP Users on First Login


Active Directory or LDAP Users create a new FileCloud account different from their AD or LDAP credentials

The Admin can configure the approval process

  1. The Administrator configures the Authentication Type as Active Directory or LDAP.
  2. (Optional) The Administrator imports AD or LDAP user accounts into FileCloud.
  3. The Administrator provides the user with the URL for the User Portal.
  4. The User accesses the user portal from a Web browser, mobile device, FileCloud Sync or FileCloud Drive.
  5. On the User Portal Login window, the user enters their AD or LDAP username and password.
  6. FileCloud uses the AD or LDAP credentials to automatically create a FileCloud account for that user.
  1. The Administrator configures the Authentication Type as Active Directory or LDAP.
  2. (Optional) The Administrator imports AD or LDAP user accounts into FileCloud.
  3. The Administrator provides the user with the URL for the User Portal.
  4. The User accesses the user portal from a Web browser, mobile device, FileCloud Sync or FileCloud Drive.
  5. On the User Portal Login window, the user clicks the New Account button.
  6. The user enters details in the account creation fields.
  7. The account is created and is either disabled OR granted access of a Full User, Guest User, or External User as set by the Administrator.
  8. The Admin is notified about the new account.
  9. The user will receive an account creation email using the email address provided during account creation.
  10. The user is required to verify the email account to complete the account creation process.

Settings option, Authentication tab

(tick) Authentication Type = ACTIVE DIRECTORY or LDAP

Customization settings, Login tab

(tick) New Account button = ENABLED

Settings option, Admin tab

(tick) Allow Account Signups = DEFAULT

(tick) Automatic Account Approval = 1, 2

Settings option, Authentication tab

(tick) Authentication Type = ACTIVE DIRECTORY or LDAP

Customization settings, Login tab

(tick) New Account button = ENABLED

Settings option, Admin tab

(tick) Allow Account Signups = DEFAULT

(info) Automatic Account Approval = 0, 1, 2, 3


For more information:

Configure Active Directory

Configure LDAP


Configuring a Scenario


FileCloud supports the following Authentication modes:

  • Default Authentication
  • Active Directory based Authentication
  • LDAP based Authentication

Table 3 Describes how each authentication mode impacts the users' ability to create a new account.

 Table 3. Authentication Modes Comparison


 

Default Authentication

AD

LDAP

Authentication

Performed by FileCloud Server

In AD ServerIn LDAP Server
Allowing Users to Create AccountsPermittedNot PermittedNot Permitted
User Account TypesFull, Guest, ExternalFull, GuestFull, Guest

Prerequisites

  • Active Directory or LDAP service must be accessible from FileCloud (IP and Port must be accessible)
  • Active Directory or LDAP must support Simple Authentication Method (Anonymous or Name/Password Authentication Mechanism of Simple Bind)
  • Active Directory or LDAP users must have an email attribute
  • The FileCloud version must be 4.0 or higher


To allow an AD or LDAP user to create a new FileCloud user account:

  1. Log in to the FileCloud Admin Portal.
  2. In the left navigation panel, click Settings.
  3. In the right panel, from the selection of tabs, click Authentication.
  4. Under Authentication Settings, in Authentication Type, select ACTIVE DIRECTORY or LDAP.

  5. To enable the New Account button, in the left navigation panel, click Customization, and then the Login tab.
  6. Next to New Account, select the checkbox if it is not already selected.
  7. To allows users to create an account, in the left navigation panel, click Settings, and then the Admin tab.
  8. In Allow Account Signups, select Default.
  9. To set an approval method, in Automatic Account Approval, choose one of the following values.
ValueDescription

(Default) 0

 The account created by the user is DISABLED by default. It requires Admin approval to assign FULL or GUEST access to the account.
1The new user account is automatically approved with FULL access.
2The new user account is automatically approved with GUEST access.
3The new user account is automatically approved with EXTERNAL access.

 The user is notified by email when:

  • Trying to connect (Admin approval pending) 
  • When the administrator has approved the device trying to connect