Options
  • State Suggested Answer
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 11 subscribers
  • Views 38 views
  • Users 0 members are here
Related

How to Manage External Users with Windows Authentication in On-Prem M-Files + Teams Integration?

Admir.MFiles

Hi,

We’re setting up the Teams integration for our on-prem M-Files environment and have some questions regarding external user management.

Let’s say our organization is Company ABC, and we want to invite external users from Company XYZ to collaborate via Teams and access M-Files.

Our goals:

  • Use Windows Authentication for all users (including external ones)

  • Have external users automatically marked as External in M-Files

  • Automate the whole user provisioning process

Questions:

  1. Do we need to add external users as guest accounts in our Active Directory ?

  2. Is there a way to synchronize external users into M-Files so that:

    • They can log in using Windows Authentication

    • They are automatically marked as external users

  3. What's the recommended setup for managing such cross-organization access when using Teams + M-Files on-prem?

We’re looking for a scalable and secure solution without having to manually manage each user.

Thanks.

  • 0

    Setting Up and Using M-Files for Microsoft Teams mentions these two requirements under Prerequisites so I think you need to use Entra ID as the IdP and the use of local AD is not possible:

    • Make sure that Microsoft Entra ID is configured in your organization. This is because M-Files for Microsoft Teams uses Microsoft Entra ID to authenticate users in the M-Files tab.
    • If the users in your organization collaborate with people that are not in your organization, the people not in your organization must have access to your organization's Microsoft Entra ID directory. To give access, you must enable inviting guest users to your Microsoft Entra ID directory or add the guest users to your Microsoft Entra directory. For more information, refer to Collaborate with guests in a team (IT Admins) and Quickstart: Add a guest user and send an invitation in Microsoft documentation.

    Check also the other on-premises requirements from the guide. Recommendation is to enable vault-specific login accounts on the server to make the external user management smoother.

    If you need further assistance, you can contact the Partner Support team via the Support Portal.

  • 0 in reply to Joonas Linkola

    Hi,

    Yes, Microsoft Entra ID is already configured in our environment, and vault-specific login accounts are enabled on the server.

    If we manually add a guest user to our Entra ID and then manually create their login in M-Files (marking them as external), everything works fine, the user can authenticate using their own domain credentials.

    However, our goal is to automate this process. We would like to:

    • Automatically provision guest users from Entra ID into M-Files

    • Allow them to authenticate via Windows Authentication (through Entra ID)

    • Automatically mark their M-Files accounts as External users

    Additional Question:

    We've also noticed that pressing the “Update new members” button in the M-Files tab in Teams does not create new login accounts for recently added members of the Teams channel. According to the documentation

    "If at any point you invite new users or remove users from the Teams channel and want to collaborate with them in the already created M-Files tab, you need to go to the tab's configuration page and press the Update new members button"

    But this doesn’t seem to be happening.
    Is this expected behavior, or are we missing a configuration step?

    Thanks again for your help!

M-Files
M-Files Support


© 2025 M-Files, All Rights Reserved.