Document Vault Authentication

The Authentication tab of the Document Vault Properties dialog contains settings related to vault user synchronization and authentication with Azure AD. The tab is available in the Document Vault Properties dialog of existing vaults. When you create a vault, you cannot see this tab.

User synchronization

There are two methods to set up user synchronization with Azure AD. In both, user group management is done in Azure AD, but they are different in how users are brought to M-Files. With the SCIM method, Azure AD pushes the users to M-Files. With the plugin method, you specify the groups that you want in M-Files Admin and M-Files periodically pulls the users from Azure AD.

User authentication

Refer to the specified instructions in this table to set up user authentication in your environment:

Deployment Instructions
M-Files Cloud and Azure Active Directory Enabling Azure AD authentication
On-premises server and Azure Active Directory Configuring Vault Authentication with Azure AD in On-Premises Environments
Any environment and any OAuth 2.0 or OpenID Connect compliant identity provider Configuring OpenID Connect and OAuth 2.0 for M-Files Authentication

Additional remarks:

Anonymous authentication

Enable this feature to set the new M-Files Web and M-Files Mobile users to have read-only access to this vault without username and password. When the feature is enabled, M-Files adds an anonymous user to the vault. The user has no login account on the server, but you can use it to set permissions, and add it to user groups. The anonymous user is created as an external user. However, you can change it to an internal user.

Important: When this feature is enabled, the vault always uses anonymous authentication and personal credentials cannot be used with the new M-Files Web and M-Files Mobile.

Prerequisites to set up the feature: