Accessing M-Files Vaults without VPN

Organizations have traditionally relied on Virtual Private Network (VPN) technology to secure access to corporate resources (such as M-Files vaults) from outside the private network of the organization. M-Files versions 10.2 and later enable you to provide secure access to the M-Files system without the downsides of the traditional VPN-based approach.

The security of this approach is based on encrypting all network traffic between client devices and the server with HTTPS (SSL/TLS) and on using a pre-shared key as an additional "shared secret" in authentication to ensure that only authorized devices can attempt to connect to the system.

Note: Cloud-based servers, M-Files Web, and the mobile applications use the HTTPS protocol by default, but for pre-shared keys to work on desktop clients connecting to an on-premises server, "RPC over HTTP with SSL" communication between the server and the desktop clients needs to be enabled. For more information, refer to the document Enabling RPC over HTTPS connections to M-Files Server.

Together, the HTTPS encryption and the use of a pre-shared key as a second factor in authentication provide similar security as VPN but without the complexity and compatibility challenges of VPN. However, it needs to be noted that the approach is not identical to VPN from the security point of view, and that each organization needs to determine if granting access to M-Files vaults without VPN is appropriate considering the organization's business needs and security requirements.

For more information about using pre-shared keys for secure M-Files access, please refer to Securing Access to M-Files Vaults with a Pre-Shared Key.
Note: M-Files Cloud environments do not support pre-shared key authentication. You can use in M-Files Cloud environments other strong authentication mechanisms by compatible identity providers, such as Azure Active Directory and Okta.