Foldr 18.104.22.168 introduces support for local user accounts in the Foldr appliance. This allows an organisation to use Foldr without the need for supporting infrastructure to authenticate users (Microsoft Active Directory). This opens up the possibility to use the file access, sharing and security benefits of Foldr, without also having to provide and support an expensive / complex backend server environment.
User accounts, and groups to manage them, can be created directly within the Foldr Settings web admin UI. Storage locations (on-premise SMB shares) can be presented to users through the use of dedicated service accounts and cloud storage locations can utilise the same APIs as a traditional Foldr deployment where Active Directory is available.
Creating Local Users
To create a local user account, navigate to Foldr Settings >> Users & Groups. Then click + Add New User
Complete the fields as shown in the example below. Please note that the email address supplied will be used as the username for local accounts.
Click CREATE to save the local account.
Local vs External Users
When creating local user accounts, you will notice there is a option to change the account type from local to external. External accounts are a special account type that is used to sign into Secure Public Links to retrieve items that have been shared. These links are typically used by people outside of the organisation. More information on Secure Links can be found here
Presenting On-Premise Storage to Local Users
To make on-premise SMB shares available to local users, the Foldr administrator is required to provide a service account in order to authenticate against the storage device. This could be a Windows file server or NAS / other SAMBA server hosting shares over SMB, or on-premise SharePoint server (WebDAV)
Navigate to Foldr Settings >> Shares and configure the share path as normal, prefixing the path with smb:// as shown below:
Scroll down and select a service account that will be used to connect local users to the SMB share. Please note that the service account must have relevant permission to read/write to the storage location.
Click on the Advanced tab and enable the toggle ‘Use service account for all access‘
Finally, click Save Changes.
Storage Permissions & Share Visibility
By default a built-in group within Foldr labelled ‘Foldr Users’ will be given read / write permissions.
The ‘Foldr Users’ group represents everyone, and due to the fact that a service account is being used, by default the storage location will be presented to all users. This may not be desirable, so in order to control which users can see the SMB share in the Foldr interface, the Foldr Users group should be removed by clicking the inline X button when you mouse-over the group.
You can then use + Add User or Group to search for local user accounts or local groups and provide read/write access to the share as required. Note that Foldr share permissions (such as a deny) entry will override the permissions of the service account.
Creating Local Groups
There are two types of Groups available in Foldr that apply to local users – ‘Local’ and ‘Sharing’. Local groups are used with the Foldr Settings UI only and are typically used to apply permissions / security options. ‘Sharing’ groups are used by end users in the apps to share items with multiple people quickly and easily inside the organisation.
To create a local group, navigate to Foldr Settings >> Users & Groups >> Groups and click + Add New Group
The local group can be populated with users using the Members tab and once created is available throughout the Foldr Settings UI to be used to apply permissions / allow / deny rules where relevant.
Presenting Cloud Storage to Local Users
Local users can link various cloud storage to their account, such as Dropbox, Box, AWS, Google Drive and OneDrive/SharePoint. Once enabled by the Foldr administrator, a user can link their cloud accounts via the Me > Services menu in the web app. Google and Microsoft accounts can be linked to users automatically through the use of a service account, the local account username (email address) is used to match the local account with the corresponding cloud account.
G Suite (automated linking) – instructions
G Suite (manual linking) – instructions
Office 365 / OneDrive for Busines (automated linking) – instructions
Office 365 / OneDrive for Business (manual linking) – instructions
Dropbox – instructions