Traditionally, the need to verify user identity has been met by using software-specific credentials or
Windows credentials. Federated authentication offers organizations the possibility to use an
authentication system that is completely external to M-Files. Federated
authentication allows M-Files users to be authenticated using third-party
services called identity providers, such as Google or Microsoft Entra ID. In
many cases, having a centralized repository for all the M-Files user credentials
completely outside the M-Files system can be very useful. Federated
identity management also enables single sign-on and lets users sign in with
their existing credentials.

Figure: Authentication flow in a federated authentication system.

The figure gives an overview of the federated authentication process:

1. An M-Files user tries to log in to a vault, and the client sends an
   authentication request to M-Files Server.
2. M-Files Server creates an authorization request, which it sends to the
   identity provider.
3. The user is then redirected to the identity provider's login page where the
   user provides her credentials.
4. After the identity provider has validated the credentials, it returns a
   response to M-Files Server in the form of an identity token, which contains
   an assertion affirming that the user has been authenticated.
5. M-Files Server verifies the identity token and grants the user access to the
   vault.

You may use the configurations editor in M-Files Admin to enable federated
authentication in your vault. For more information, see Using the Configurations Editor.
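
The checks behind the last step of the flow, where the server verifies the identity token, shown as an added example that is not M-Files code and not part of the original page. It assumes a JWT-style token signed with HMAC-SHA256 (a stand-in chosen so the example runs offline; identity providers typically sign with an asymmetric key), and the issuer, audience, nonce and key values are constructed.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signed_part: str) -> bytes:
    return hmac.new(key, signed_part.encode(), hashlib.sha256).digest()

def issue_token(claims: dict, key: bytes) -> str:
    """Identity provider side (constructed stand-in): sign the claims."""
    head = _b64(json.dumps({"alg": "HS256"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(key, head + '.' + body))}"

def verify_token(token, key, issuer, audience, nonce, now=None):
    """Relying party side: return the subject or raise ValueError."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError
        sig_bytes = _unb64(sig)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; the token must not choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sig_bytes, _sign(key, head + "." + body)):
        raise ValueError("bad signature")
    # Claims are trusted only after the signature check has passed.
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:  # token was minted for another application
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    if claims.get("nonce") != nonce:  # binds the response to this login request
        raise ValueError("nonce mismatch")
    return claims.get("sub")

if __name__ == "__main__":  # constructed sample values
    tok = issue_token({"iss": "https://idp.example", "aud": "vault", "sub": "alice",
                       "exp": time.time() + 300, "nonce": "n-1"}, b"demo-key")
    print(verify_token(tok, b"demo-key", "https://idp.example", "vault", "n-1"))
```

Each rejection corresponds to a distinct failure a relying party has to rule out before granting access: a forged or altered token, a token from a different issuer, a token meant for another application, a stale token, and a replayed response.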