For users to access Filr, they must generally be provisioned on the Filr system in one of the following ways:
They can be synchronized from an internal LDAP identity store.
They can be created by Filr administrators.
They can be invited to participate through share invitations.
When they respond to the invitations, they are given the opportunity to either
Self-provision an account on the Filr server.
or
Access Filr using a Google or Yahoo OpenID account.
After they are provisioned, they can then be granted personal storage and other permissions similar to those enjoyed by internal users.
Users can be assigned rights on Filr as members of groups, including as members of either the All Internal Users group or the All External Users group, which includes those whose accounts were created as a result of an email share invitation.
After users and groups are provisioned, they have accounts in Filr that correspond to their original identities, but in the case of LDAP, these are only secondary. Filr synchronizes regularly with LDAP to verify authentication credentials, the status of home directories, updates on file system rights, and so on.
Finally, when Filr administrators allow it, Guest
users are able to access publicly available files and folders through Filr.
Figure 16-1 provides a high-level overview of the provisioning process that allows users and groups to access an organization’s internal data through Filr.
Figure 16-1 Provisioning Users and Groups
Letter |
Details |
---|---|
eDirectory users are provisioned on Filr through LDAP/LDAPS synchronization. Synchronization is one-way. Password and other changes on the eDirectory side are handled in Filr without additional configuration. Password and other changes can be made to a user’s Filr configuration. However, they are not synchronized back to eDirectory. Instead, they are overwritten by the configuration in eDirectory with each synchronization. |
|
Active Directory (AD) users are provisioned on Filr through LDAP/LDAPS synchronization. Synchronization is one-way. Password and other changes on the AD side are handled in Filr without additional configuration. Password and other changes can be made to a user’s Filr configuration. However, they are not synchronized back to AD. Instead, they are overwritten by the configuration in AD with each synchronization. |
|
Filr administrators can also provision users on the Filr appliance. These are referred to as Local users in the documentation and Filr interfaces. |
|
External User accounts are created when share invitations are issued through email from Filr. The users provision themselves with a password, and so on when they log in to Filr. |
|
Public users (Guests) aren’t provisioned with accounts on Filr. Public users are anonymous to Filr and are allowed access to shared files in Net Folders through the Proxy User assigned to the Net Folder they are accessing. For shared files and folders in My Files, Public users gain access through the Filr admin process. |