Configuring User Provisioning
Important information
When you enable user provisioning in M-Files Manage, all the provisioned users first get the license that you set as the default license type for the provisioned users. This applies also if vault-level user synchronization has been previously used. This means that some users can temporarily get a lower license. You can specify the license type for each user group after the user groups have been provisioned.
In Azure, SCIM is unidirectional, and the changes made in Microsoft Entra ID are synchronized to M-Files user and login accounts. However, the opposite is not true. Thus, do not use M-Files to make any changes to groups that are provisioned from Entra ID with SCIM. Changes made to M-Files user accounts will not have any effect in Entra ID.
Prerequisites
Before you set up user provisioning, make sure that these prerequisites are completed.
- You have the Subscription admin role in M-Files Manage.
- Entra ID authentication is set up in all the target vaults. For more information, see Federated Authentication.
- All vaults in your subscription have user synchronization disabled in M-Files Admin.
- For instructions, refer to section 2 (Enabling User Synchronization in M-Files Admin) in Synchronizing Users from Microsoft Entra ID to M-Files with SCIM. If you have previously used vault-level user synchronization or the legacy configuration method for user provisioning in M-Files Manage, please note that it is not possible to use the same Entra ID enterprise application. Instead, you create a new enterprise application that has been pre-integrated with Entra ID.
- You have an Microsoft Entra ID Premium license.
- You have an Entra ID tenant.
- You have a user account in Entra ID with permission to configure user provisioning (for example, Application Administrator, Cloud Application Administrator, Application Owner, or Global Administrator).