Enabling Azure AD authentication

Note: This content is no longer updated. For the latest content, please go to the user guide for M-Files Online. For information on the supported product versions, refer to our lifecycle policy.

To enable Azure AD authentication:

  1. Open M-Files Admin and go to a vault.
    1. Open M-Files Admin.
    2. In the left-side tree view, expand an M-Files server connection.
    3. Expand Document Vaults.
    4. Expand a vault.
  2. Right-click the vault and select Properties.
  3. Open the Authentication tab.
  4. Enable Use Azure AD for authentication.
  5. Select one of these options:
    OptionDescription
    Prompt each user for consent upon first vault access Select this option to let vault users decide whether they want to give the applications access to their user credentials in Azure AD. With this option, Azure AD shows a prompt when the user logs in to the vault for the first time. In the prompt, the user can give the permissions to the applications.
    Give consent on behalf of all users in the directory (requires Azure AD administrator rights)

    Select this option to give the applications access to user credentials in Azure AD on behalf of all vault users. Only an Azure AD global administrator can give consent on behalf of other users.

    When you click OK or Apply, M-Files displays a login prompt. Write the credentials for the Azure AD account that is used for logging in to M-Files.
    The user credentials must have access to the Azure AD domain that you want to use for the user synchronization.
  6. Optional: In an on-premises environment, complete the configuration with the instructions in Configuring Mappings Between Incoming Connections and Vaults.
  7. Configure the user synchronization in Azure AD.
    Refer to Synchronizing Users from Azure Active Directory to M-Files.