User Synchronization Details

This information applies to user synchronization with local active directories and with the vault-level plugin method for Microsoft Entra ID. For synchronization details with M-Files Manage provisioning, refer to the M-Files Manage user guide.

Changes in AD group members

See the table for information on what occurs in M-Files when the members of the synchronized AD groups have changed.


Change	Effects
Users added to AD groups that are synchronized to M-Files	The users are added as vault users to the vault that contains the user group. If the added users do not yet have M-Files login accounts, new login accounts are automatically created for the users and the license specified in the synchronization settings is applied to the new login accounts. No changes are made to existing M-Files login accounts. For example, if users have been assigned concurrent licenses, and they are added to a group with named licenses, the users keep the concurrent licenses.
Users removed from all the AD groups that are synchronized to M-Files	The users are removed from the user group in M-Files. They lose all permissions that were granted to them through the group membership. The user accounts stay in M-Files but are disabled. The login accounts stay active. They keep the licenses that are assigned to them. Note: Users are not automatically disabled if they are members of at least one synchronized AD group.

See the table for information on what occurs if you disable or delete synchronized users in the vault.


Change	Effects
Synchronized users disabled in M-Files	By default, the users stay disabled. To enable the users again, they must be enabled in M-Files. If you use a synchronization plugin, you can change the default behavior. To do this, go to the Active Directory Importing settings and set Enable Disabled Users from Imported Groups to Yes.
Synchronized users deleted in M-Files	The AD group synchronization does not create the deleted users again to the vault.