Document Vault Authentication

The Authentication tab of the Document Vault Properties dialog contains settings related to vault user synchronization and authentication. The tab is available in the Document Vault Properties dialog of existing vaults. When you create a vault, you cannot see this tab.

User synchronization

There are two methods to set up user synchronization with Azure AD. With the SCIM method (the first one in the list), user group management is done in Azure AD and Azure AD pushes the users to M-Files. With the plugin method (the second one in the list), user group management is done in M-Files Admin and M-Files pulls the users from Azure AD.

Synchronizing Users from Azure Active Directory to M-Files
- To use this method, you must have an Azure AD Premium license.
- To use this method in an on-premises environment, you must also enable vault-specific login accounts. With vault-specific login accounts, you manage all login accounts in each vault separately. For instructions, write to our customer support at [email protected].
Configuring Azure Active Directory Synchronization Plugin

User authentication

Refer to the specified instructions in this table to set up user authentication in your environment:


Deployment	Instructions
M-Files Cloud and Azure Active Directory	Enabling Azure AD authentication
M-Files Cloud and OAuth 2.0 or OpenID Connect compliant identity provider other than Azure Active Directory	Configuring OpenID Connect and OAuth 2.0 for M-Files Authentication
On-premises server or self-hosted cloud environment	Configuring OpenID Connect and OAuth 2.0 for M-Files Authentication

Anonymous authentication

Enable this feature to set the new M-Files Web and M-Files Mobile users to have read-only access to this vault without username and password. When the feature is enabled, M-Files adds an anonymous user to the vault. The user has no login account on the server, but you can use it to set permissions, and add it to user groups. The anonymous user is created as an external user. However, you can change it to an internal user.

Prerequisites:

You must have External Connector license.
In on-premises and self-hosted cloud environments, you must set up mappings between incoming connections and your vaults.

Remarks:

M-Files Desktop and the classic M-Files Web do not use this setting. To set up anonymous authentication for the classic M-Files Web, see Publication Settings for Classic M-Files Web.
The anonymous user does not decrease the number of your read-only licenses.