Note: This content is no longer updated.
For the latest content, please go to the user guide for M-Files Online. For information on the supported product
versions, refer to our lifecycle policy.
Traditionally, the need to verify user identity has been met by using software-specific credentials or Windows credentials. Federated authentication offers organizations the possibility to use an authentication system that is completely external to M-Files. Federated authentication allows M-Files users to be authenticated using third-party services called identity providers, such as Google or Azure AD. In many cases, having a centralized repository for all the M-Files user credentials completely outside the M-Files system can be very useful. Federated identity management also enables single sign-on, and provides the opportunity for the users to utilize their existing credentials.

Figure: Authentication flow in a federated authentication system.
The figure gives an overview of the federated authentication process:

1. An M-Files user attempts to log in to a vault, and the client, be it M-Files Desktop or any other M-Files client, sends an authentication request to M-Files Server.
2. M-Files Server creates an authorization request, which it sends to the identity provider.
3. The user is then redirected to the identity provider's login page where the user provides her credentials.
4. After the identity provider has validated the credentials, it returns a response to M-Files Server in the form of an identity token, which contains an assertion affirming that the user has been authenticated.
5. M-Files Server verifies the identity token and grants the user access to the vault.
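
The final step above, the server verifying the identity token, is where the security of the flow rests. The following sketch is an added example, not M-Files code and not a description of how M-Files Server is implemented. It assumes an OpenID Connect-style signed token; the issuer, audience, key and function names are constructed for illustration, and HMAC-SHA256 stands in for the asymmetric signatures that identity providers normally use.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed sample values; none come from M-Files or a real identity provider.
ISSUER = "https://idp.example.test"
AUDIENCE = "example-server"          # identifier the server registered with the provider
IDP_KEY = b"constructed-demo-key"    # HS256 stand-in; real providers usually sign with RSA/ECDSA

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue_token(claims, key=IDP_KEY):
    """Identity provider side: sign an assertion about the authenticated user."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(sig)}"

def server_verify_token(token, expected_nonce, now=None):
    """Server side: return the claims only if every check passes."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64u_dec(head)), json.loads(b64u_dec(body))
        got_sig = b64u_dec(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":   # the verifier, not the token, chooses the algorithm
        raise ValueError("unexpected algorithm")
    want = hmac.new(IDP_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, got_sig):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), expected_nonce.encode()):
        raise ValueError("nonce mismatch")   # token was not minted for this login attempt
    return claims

def demo_login(user="alice@example.test"):
    nonce = secrets.token_urlsafe(16)   # server binds this value to its authorization request
    token = idp_issue_token({"iss": ISSUER, "aud": AUDIENCE, "sub": user,
                             "nonce": nonce, "exp": time.time() + 300})  # provider's response
    return server_verify_token(token, nonce)["sub"]   # access is granted only after this returns
```

Each rejected case corresponds to a distinct failure: a token signed by another party, one issued for a different service, one that has expired, or one replayed from another login attempt.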
You may use the configurations editor in M-Files Admin to enable federated
authentication in your vault. For more information, see Using the Configurations Editor.