If your organization uses Azure Entra to manage employee access to tools and services, you can use the Azure provisioning feature to automatically provide your users with access to DocuWare via SCIM. This guide walks you through the steps to configure both DocuWare and Azure Entra to set up provisioning for your organization.
User provisioning with DocuWare version 7.12 supports the following provisioning features:
Automatic User Creation: Users assigned to the Enterprise application in Azure are automatically created as users in DocuWare.
Attribute Synchronization: Any updates to user attributes (userName, email, activeness) in Azure will be reflected in DocuWare.
User Deactivation: When users are deactivated in Azure, they are marked as disabled in DocuWare, preventing them from logging in.
Configuring Azure
Log in to the Azure portal via the following link - Home - Microsoft Azure.
Go to the Enterprise Applications page.
Click New Application.
Click Create your own application.
Choose a name for your app and select the following option:
After creation, click the Provisioning menu in the sidebar. In the browser's URL bar, update the URL so that
#view is replaced with ?feature.userProvisioningV2Authentication=true#view
in order to see all authentication options in Admin Credentials → Authentication Method.
Select Automatic from the Provisioning Mode dropdown.
Open Admin Credentials.
Don't close the Azure configuration; switch to DocuWare Configuration.
Configuring DocuWare
Open DocuWare Configuration > Integrations > App Registration.
Select New app registration > Web application > Continue.
Enter a name for the app registration, then:
add a Redirect URL with the value https://portal.azure.com/TokenAuthorize
select Authorization Code as Grant type
select User Provisioning in Allowed Resources
click Save
From the newly created app registration, copy the values of
Application (Client) ID
Client secret
Open DocuWare Configuration > General > User Provisioning.
Activate the option Enable User Provisioning.
As Identity Provider select Azure Entra.
As Application Registration select the created app registration in the plugin App Registrations (Test SCIM).
Click on the button Save.
Copy the links Tenant URL, Authorization Endpoint, Token Endpoint.
Go back to Entra > your application > Manage > Provisioning > Admin Credentials.
Make sure that OAuth2 Authorization Code Grant is selected in the Authentication Method dropdown.
Paste all the copied data from steps 5 and 10 into the proper fields in this dialog:
When all the required data is populated click on Authorize, then save the changes.
If an error is displayed in the top-right corner after save, click on the Save button again.
Configure Provisioning mappings
These are the required mappings for the UserSyncV3 Service.
Azure:
From Provisioning > Mappings, choose Provision Microsoft Entra ID Users for User mappings.
Set the required mappings:
userName: userPrincipalName
active: Switch([IsSoftDeleted], , "False", "True", "True", "False")
emails[type eq "work"].value: Coalesce([mail],[userPrincipalName])
externalId: objectId
To map the email attribute, you will first need to update its configuration:
Open for Edit the attribute: emails[type eq "work"].value
Change the mapping type to Expression.
Update the expression field to: Coalesce([mail],[userPrincipalName])
Save with OK.
To map the externalId attribute properly, you will also first need to update its configuration:
Open for Edit the attribute: externalId: mailNickname
Change the source attribute to: objectId
Save with OK.
Delete all the extra mappings and Save (if they are not deleted, they can cause errors when updated users are provisioned).
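The required mappings above, emulated as an added example (not DocuWare's or Microsoft's code) to show the SCIM user they produce, including the fallback to userPrincipalName when mail is empty and the active flag for a soft-deleted user. The coalesce, switch and to_scim_user helpers and the sample users are constructed for illustration, and sending active as a JSON boolean is an assumption.

```python
"""Added illustration: emulates the four attribute mappings from this guide."""
import json

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"


def coalesce(*values):
    """Like the Coalesce() mapping function: first value that is not null or empty."""
    for value in values:
        if value not in (None, ""):
            return value
    return None


def switch(source, default, *pairs):
    """Like the Switch() mapping function: Switch(source, default, key1, value1, ...)."""
    table = dict(zip(pairs[0::2], pairs[1::2]))
    return table.get(str(source), default)


def to_scim_user(entra_user):
    """Apply the mappings: userName, active, work email, externalId."""
    # An unexpected IsSoftDeleted value falls through to the empty default,
    # which this sketch treats as inactive.
    active = switch(entra_user.get("IsSoftDeleted", False), "",
                    "False", "True", "True", "False")
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": entra_user["userPrincipalName"],
        "active": active == "True",  # assumption: sent as a JSON boolean
        "emails": [{
            "type": "work",
            "value": coalesce(entra_user.get("mail"),
                              entra_user["userPrincipalName"]),
        }],
        "externalId": entra_user["objectId"],
    }


# Constructed sample directory objects (not real accounts).
SAMPLE_USERS = [
    {"objectId": "00000000-0000-0000-0000-000000000001",
     "userPrincipalName": "a.jones@example.com",
     "mail": "alice.jones@example.com", "IsSoftDeleted": False},
    {"objectId": "00000000-0000-0000-0000-000000000002",
     "userPrincipalName": "b.smith@example.com",
     "mail": None, "IsSoftDeleted": True},
]

if __name__ == "__main__":
    for user in SAMPLE_USERS:
        print(json.dumps(to_scim_user(user), indent=2))
```

The second sample user has no mail value and is soft-deleted, so the result carries the userPrincipalName as the work email and active set to false, which is the state DocuWare uses to mark the user as disabled.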
Provisioning users
Navigate to the Overview page in your Entra application and click on Start provisioning.
Switch to DocuWare Configuration > User Management and check if the synchronized users are provisioned as expected.