With DocuWare version 7.13 and later, the configuration for the Trusted Application User function can be found in the DocuWare Configurations.
A trusted application user is a special DocuWare account that an external system—such as an ERP or CRM—uses to access DocuWare without prompting the user to log in again.
This setup is essential when standard single sign-on cannot be used—for example, if DocuWare and the external system sit in different Active Directory domains with no trust relationship, which prevents Kerberos authentication, or if the external application simply cannot relay Windows credentials.
Login Process
1. The employee logs in to the external application.
2. The external application accesses DocuWare by using the credentials of the Trusted Application User.
3. At the same time, the external application passes the employee’s DocuWare username to DocuWare.
4. DocuWare recognizes this username, internally switches to the linked DocuWare account, and performs every action under that account.
Example
If an employee in an ERP system that does not support Windows authentication wants to view a document stored in DocuWare, he or she would normally have to log in to DocuWare with a username and password. To avoid this second login, a Trusted Application User is used. Authentication takes place in the background, and the employee is unaware of it.
Permissions of the Trusted Application User
The Trusted Application User must be identical to an existing DocuWare user account. The Trusted Application User always inherits the permissions of the DocuWare user who creates the Trusted Application User.
After the login, the employee has the same functional and file cabinet rights that this DocuWare user possesses—with one exception: when signing in through a Trusted Application User, the employee does not receive the administrative rights (system administrator, organization administrator, file cabinet owner/administrator) that would be available during a regular login.
Available file cabinets
Each Trusted Application User has assigned specific file cabinets.
When the employee connects via the Trusted Application User, only those file cabinets that are assigned to both the Trusted Application User and the employee’s own DocuWare account are available. This prevents employees from using the Trusted Application User to open file cabinets they are not entitled to access as regular DocuWare users.