Microsoft Azure Active Directory

DocuWare supports Microsoft Azure Active Directory as an identity provider for single sign-on. Here's how to connect DocuWare to Azure Active Directory.

  1. In DocuWare Configuration, under Organization settings > Security, activate the option Enable single sign-on.

  2. Add a new app registration in Microsoft Azure Active Directory.

  3. Add a new redirect URI for the newly created app registration.

  4. Copy the Callback URL from DocuWare Configuration under Organization settings > Security > Connection into the URI (Web) field and activate the option ID tokens.

  5. Copy the Application (client) ID from the overview of the app registration, and under Endpoints copy the URL of the OpenID Connect metadata document. Enter these in DocuWare under Organization settings > Security > Configure single sign-on connection, in the Client ID and Issuer URL fields.

  6. After the settings are saved, users can log on either with a DocuWare user name and password or with single sign-on via Microsoft. Login via DocuWare credentials cannot currently be deactivated.

Regarding the option "Automatically link existing users at login":

If this option is activated, the first time a user logs in with single sign-on, DocuWare searches for an existing DocuWare user with a matching user name and email address. The DocuWare user name must correspond to the local part (the part before the @) of the user name in Azure Active Directory, and the DocuWare email address must correspond to the full user name in Azure Active Directory.

The Azure Active Directory user account and the DocuWare user account will only be linked if the user name AND email address match.


  • Azure AD user principal name:

  • DocuWare username: peggy.jenkins

  • DocuWare email address:

It is not mandatory for DocuWare users to be created via the User Synchronization app in order to use single sign-on. Even if you create new users manually or import them via an interface, the external user account and the DocuWare account are automatically compared. As soon as a user has been assigned, the user is recognized from this point on based on their external object ID. This means that even if the email address and/or the user name no longer match, the user is still recognized.
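The linking rule and the later recognition by object ID can be modelled as follows. This is an added example for pre-checking which accounts would link, not DocuWare's own code: the class and function names, the sample addresses and object IDs are constructed, and the case-insensitive comparison and the handling of multiple matches are assumptions the page does not state.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class DocuWareUser:
    username: str
    email: str
    external_object_id: Optional[str] = None  # set once the account is linked


def would_auto_link(upn: str, user: DocuWareUser) -> bool:
    """True only if user name == local part of the UPN AND email == full UPN."""
    local_part, sep, _domain = upn.partition("@")
    if not sep or not local_part:
        return False  # not a usable user principal name
    # Assumption: comparison ignores case; the page does not specify this.
    return (user.username.casefold() == local_part.casefold()
            and user.email.casefold() == upn.casefold())


def sign_in(upn: str, object_id: str, users: List[DocuWareUser],
            auto_link: bool = True) -> Optional[DocuWareUser]:
    """Return the DocuWare user for this SSO login, or None if none is assigned."""
    # An already linked account is recognized by its external object ID alone,
    # even if user name or email address no longer match.
    for user in users:
        if user.external_object_id == object_id:
            return user
    if not auto_link:
        return None
    candidates = [u for u in users
                  if u.external_object_id is None and would_auto_link(upn, u)]
    if len(candidates) != 1:
        return None  # no match; ambiguous matches are refused (assumption)
    candidates[0].external_object_id = object_id  # first login: create the link
    return candidates[0]


if __name__ == "__main__":
    # Constructed sample data.
    users = [DocuWareUser("peggy.jenkins", "peggy.jenkins@example.com"),
             DocuWareUser("sam.lee", "sam@other.example")]
    print(sign_in("sam.lee@example.com", "oid-2", users))        # email differs: None
    print(sign_in("peggy.jenkins@example.com", "oid-1", users))  # linked on first login
    users[0].email = "changed@example.com"
    print(sign_in("p.jenkins@example.com", "oid-1", users))      # still recognized
```

Running `would_auto_link` over an export of Azure AD user principal names and DocuWare users before enabling the option shows which accounts will be linked at first login and which will not.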