Question:
How do I configure DocuWare Single Sign-On?
Solution:
To configure your organization to use Single-Sign On, a Microsoft App Registration will need to be created. If you have not created a Microsoft App Registration, please follow KBA-36306 to do so.
Once completed, you may proceed in configuring Single Sign-On for your DocuWare system.
1. From the DocuWare Web Client, navigate to the Configurations page using the dropdown under your username.
2. Click on the Organization Settings plugin.
3. Click on the Security tab, enable Single Sign-On using the checkbox, then select the Configure single sign-on connection link.
4. Here, you'll be presented with the configuration page for Single Sign On.
(Note: Refer to your App Registration for the Issuer URL and the Client ID)
Locating your Issuer URL & Client ID
The Identity provider will always be Microsoft Azure Active Directory as it is the only one DocuWare supports at this time. The Issuer URL can be found in the Endpoints tab of your App Registration and can be found under OpenID Connect metadata document.
The Client ID is found in the Overview tab of your Microsoft Azure App Registration. This value may be shown as Application (client) ID.
You can find instructions for connecting an identity provider with OpenID Connect on our help page: Connect DocuWare with Okta
Utilizing "Automatically link existing users at login" option
If this option is enabled, DocuWare searches for a matching existing DocuWare user with the corresponding username and email address the first time a user logs on with Single Sign-On. The DocuWare username must match the local part (first part to @) and the DocuWare email address must match the complete username in Azure Active Directory.
Only if the username AND email address match will the Azure Active Directory user account and the DocuWare user account be connected.
Example: Azure AD username: peggy.jenkins@peters-engineering.net
DocuWare username: peggy.jenkins
DocuWare Email address: peggy.jenkins@peters-engineering.net
5. Once your Single Sign-On configuration is complete, click OK, then Save. Your organization should now be ready for Single Sign-On login. The Continue with Microsoft option will now appear on the login page of your DocuWare system.
KBA is applicable for both Cloud and On-premise Organizations.