Managing User Groups with User Provisioning

With user provisioning, you can manage user groups through your identity provider, which then pushes the users to M-Files.

To set up user provisioning, see Configuring User Provisioning with Other Identity Providers. When user provisioning is in use, you can change the license type for a whole user group. This lets you implement, for example, role-based access rights. For instructions on how to change the license type for a user group, see Changing the License Type for User Groups.
Note: The Subscription admin role is necessary to manage user groups in M-Files Manage.
Tip: Microsoft Entra ID is the recommended method for user provisioning. However, it is also possible to provision users with any other identity provider that supports the SCIM protocol.

Provisioning uses the SCIM protocol. SCIM is a standardized HTTP-based protocol (RFC 7644) designed to manage identities in multi-domain scenarios.

Key features of user provisioning

User provisioning lets you do these operations:

  • Automatically create users (login accounts) to the subscription.
  • Easily link an Entra ID or another identity provider user group to many vaults.
  • Automatically create vault users.
  • Automatically update the subscription's user groups and vault users when users group members are added or removed in Entra ID or other identity providers.
  • Automatically disable the subscription's users that are deleted in Entra ID or other identity providers.
  • Make sure that user information in M-Files is always consistent with user information in Entra ID or other identity providers.
    • For example, if a user's name and email are changed in Entra ID or your other identity provider, the changes are synchronized to M-Files.
  • Manage M-Files licenses at the user group level.