Login Account Properties

Note: This content is no longer updated. For the latest content, please go to the user guide for M-Files Online. For information on the supported product versions, refer to our lifecycle policy.

You can create a login account in M-Files Admin when you right-click Login Accounts in the left-side tree view and select New Login Account. For a step-by-step guide, see Creating a Login Account.

Tip: You can also import Windows login accounts to M-Files. For more information, see Importing Login Accounts.


The new login account creation dialog.

Windows authentication

Windows authentication can be used for authentication on M-Files Server. In this case, the user logs in to the vault with the same login information used to log in to Windows or the domain of the organization.

Domain login is the quickest and easiest authentication method. This means that new passwords and logins are not necessary, which makes this a user-friendly method. For more information, see Differences between the various user authentication methods.

Note: If your organization uses federated identity management, refer to Using Federated Authentication with M-Files.

M-Files authentication

With the M-Files authentication method, the user can log in to M-Files only. If the organization does not have a Windows domain or the user must not have access to it, it is a good idea to use M-Files authentication for the vault.

Personal information

Enter an email address and a full name for the login account. This information is used for sending notifications. For more information about notifications, see Editing Notification Settings in M-Files Admin. If the authentication method used is Windows authentication, you can retrieve the personal information from the domain when you click Update Information from Domain.

License type

Select a license type for the login account.

Named user license

Named user licenses are assigned to individual login accounts. This license allows the login account to use M-Files any time, independent of other users.

Concurrent user license

When a login account entitled to a concurrent user license logs in, one license of this type is taken up. When the login account logs out, the license becomes available for use by other login accounts that use this same license type.

Read-only license

Read-only licenses are assigned to individual login accounts. This license allows the login account to use M-Files at any time, independent of other users. With the license the user is only able to read the documents, not create or modify them.

External Connector license

External Connector licenses enable third-party systems to anonymously read M-Files database. The license type is necessary for example when M-Files data is published programmatically in an intranet or extranet environment to an unrestricted number of users.

Account is disabled

This function provides an easy way to specify whether the user can log in to the server or not. This function is useful if you do not want to remove the login account altogether, but to disable it for the time being.

Server roles: System administrator

With this role, the user can make any changes on the server level. The user can change the server logins and create and delete vaults. In other words, a system administrator can do any operation on a vault.

For a system administrator to log in to a vault on the server, a user account in that vault is not necessary. However, you can set the system administrator to not have access to vaults and rights to create users in vaults where they do not have a user account. To do this, a specific license is necessary. For more information, contact [email protected].

See the table for a comparison between the permissions of a system administrator and a user with the Full control of vault administrative rights. For a description of the administrator permissions in the Advanced Vault Settings section of the M-Files Admin configurations editor, see Configuring Advanced Vault Settings.

Operation System administrator Vault administrator
Create a vault Allowed Not allowed
Attach a vault Allowed Not allowed
Restore a vault Allowed Not allowed
Detach a vault Allowed Not allowed
Back up a vault Allowed Not allowed
Copy a vault Allowed Not allowed
Destroy a vault Allowed Not allowed
Optimize the database Allowed Not allowed
Back up the master database Allowed Not allowed
Restore the master database Allowed Not allowed
Take a vault offline Allowed Not allowed
Rebuild the full-text search index Allowed Allowed
Reset thumbnail images in a vault Allowed Allowed
Verify and repair a vault Allowed Not allowed
Migrate to Microsoft SQL Server Allowed Not allowed
Manage content replication and archiving settings Allowed Allowed to manage cloud storage based replication jobs
Create or import a login account Allowed Not allowed
Create a scheduled job Allowed Not allowed
Change M-Files Server notification settings Allowed Not allowed
Manage M-Files licenses Allowed Not allowed
Configure web and mobile access Allowed Not allowed
Shut down M-Files Server Allowed Not allowed
Log in to any vault Allowed Not allowed
Create and import users Allowed Not allowed
Import user groups Allowed Not allowed
Create user groups Allowed Allowed
See and read all vault content (including deleted objects) Allowed Allowed
See and undelete deleted objects Allowed Allowed
Destroy objects Allowed Allowed
Force undo checkout Allowed Allowed
Change permissions for all objects Allowed Allowed
Change metadata structure Allowed Allowed
Manage workflows Allowed Allowed
Manage login accounts Allowed Allowed
Manage common views and notification rules Allowed Allowed
Manage vault applications Allowed Not allowed
Edit scripts (for example related to event handlers, workflow states, and automatic property values) Allowed Not allowed
Manage connections to external sources Allowed Not allowed
Disable or enable vault event logging Allowed Not allowed
See and manage scheduled jobs Allowed Not allowed
Restart vault Allowed Allowed