How to integrate Azure Entra to DocuWare User provisioning

If your organization uses Azure Entra to manage employee access to tools and services, you can utilize Azure Provisioning feature to automatically provide your users with access to DocuWare via SCIM. This guide will walk you through the steps to configure both DocuWare and Azure Entra to set up provisioning for your organization.

User provisioning with DocuWare version 7.12 supports the following provisioning features:

  • Automatic User Creation: Users assigned to the Enterprise application in Azure are automatically created as users in Docuware.

  • Attribute Synchronization: Any updates to user attributes (userName, email, activeness) in Azure will be reflected in Docuware.

  • User Deactivation: When users are deactivated in Azure, they are marked as disabled in Docuware, preventing them from logging in.

Configuring Azure

  1. Login to the Azure portal via the following link - Home - Microsoft Azure.

  2. Go to Enterprise Applications page.  

  3. Click New Application.

    pen image-20240819-125646.png

    image-20240819-125646.png

  1. Click Create your own application

  2. Choose Name for your app and select the following option:

  3. After creation click on Provisioning menu in the side bar and in the browser’s URL bar update the URL so that

    #view is replaced with  ?feature.userProvisioningV2Authentication=true#view

    in order to see all authentication options in Admin Credentials → Authentication Method.

  4. Select Automatic from the Provisioning Mode dropdown.

  5. Open Admin Credentials.  

  6. Don’t close the Ature configuration and switch to DocuWare Configuration.

Configuring Docuware

  1. Open DocuWare Configuration > Intgerations > App Registration.

  2. Select New app registration > Web application > Continue.  

  3. Enter a name for the app registration, then:

    1. add a Redirect URL with the value https://portal.azure.com/TokenAuthorize

    2. select Authorization Code as Grant type

    3. select User Provisioning in Allowed Resources

    4. click Save


  1. From the just created App Registration copy the values of

    1. Application (Client) ID

    2. Client secret

  1. Open DocuWare Configuration > General > User Provisioning.  

  2. Activate the option Enable User Provisioning.

  3. As Identity Provider select Azure Entra.

  4. As Application Registration select the created app registration in the plugin App Registrations (Test SCIM).

  5. Click on the button Save.

  6. Copy the links Tenant URL, Authorization Endpoint, Token Endpoint.

  7. Go back to Entra > your application > Manage > Provisioning > Admin Credentials.

  8. Make sure that the Oauth2 Authorization Code Grant is selected in the Authentication Method dropdown

  9. Paste all the copied data from steps 5 and 10 in the proper fields into this dialog:

When all the required data is populated click on Authorize, then save the changes.

  • If an error is displayed in the top-right corner after save, click on the Save button again.

Configure Provisioning mappings

These are the required mappings for UserSyncV3 Service

Azure:

  1. From Provisioning > Mappings, choose Provision Microsoft Entra ID Users for User mappings.

2, Set the required mappings:

  • userName: userPrincipalName

  • active: Switch([IsSoftDeleted], , "False", "True", "True", "False")

  • emails[type eq "work"].value: Coalesce([mail],[userPrincipalName])

  • externalId: objectId

  • For mapping the email attribute you will need first to update it’s configuration:

    • Open for Edit the attribute: emails[type eq "work"].value  

    • Change the mapping type to Expression.

    • Update the expression field to: Coalesce([mail],[userPrincipalName])

    • Save with OK.

  • For mapping the externalId attribute properly you will also need to first update it’s configuration:

  • Open for Edit the attribute: externalId: mailNickname

  • Change the source attribute to: objectId

  • Save with OK.

  1. Delete all the extra mappings and Save(if they are not deleted, it can cause an errors when updated users are provisioned).

Provisioning users

Navigate to the Overview page in your Entra application and click on Start provisioning.

Switch to DocuWare Configuration > User Management and check if the synchronized users are provisioned as expected.