Question:
How to synchronize users from an external directory to DocuWare?
Answer:
DocuWare offers two different tools to synchronize users from external directories:
- User Synchronization in the DocuWare Administration Tool (referred to as User Sync V1).
- User Synchronization stand-alone application (referred to as User Sync V2) that can be installed via Desktop Apps setup.
This article describes the functionality of User Sync V2. For an overview of the legacy User Sync V1 tool, please see KBA-34826 - User Synchronization with Active Directory - By Example.
Features:
- Synchronize users from Active Directory
- Synchronize users from Azure Active Directory
- Synchronization to DocuWare On-Premise or Cloud system
- Create a Document Tray for newly created users (optional)
- Send registration emails to newly created users (optional)
Installation:
Run the DocuWare Desktop Apps setup and click on "Show administrative options". Select "User Synchronization" and click Install.
Configuration:
- Open the User Synchronization app. The URL of your DocuWare system should already be pre-filled here.
- Click on "Start" and proceed by logging in with your DocuWare credentials (in newer versions, the login window will open in your default browser).
- Select whether you want to synchronize from a local Active Directory or an Azure AD (for a detailed guide on connecting User Synchronization to Azure AD, see KBA-36343 - How to Connect DocuWare User Sync Tool with Azure Active Directory).
Please note: If you plan to use Single Sign On in addition to user synchronization, we recommend synchronizing users from the directory that will also be used for SSO (usually Azure AD).
- Once you have selected the Identity Provider, click "Connect"
On the next page, select which groups and users you want to synchronize to DocuWare. The configuration differs depending on whether you are synchronizing from Azure AD or local AD:
- For local AD, you don't select the groups and users directly but through the Organizational Units or OUs for short (a type of folder in AD). Select the OU that contains all the groups you want to synchronize. If the OU contains more groups than you want to synchronize, you can exclude them from synchronization in a later step.
- Then select the AD attribute that contains the name you want to use as a group name in DocuWare. You can also manually adjust the DocuWare group names in a later configuration step.
- To select users, proceed similarly: Select the OU that contains all users to be synchronized. If this is not possible and your OU also contains users that should not be synchronized to DocuWare, please proceed as described in the article KBA-36995 - How to synchronize only members of a selected group?
- Select the AD attribute you want to use as the login name for the DocuWare users.
- If you want to match existing DocuWare users to external users, please activate the option "Match non-synchronized users by name and email".
Please note: the login name in DocuWare is compared here with the value from the AD attribute selected in the previous step. If you have existing (non-synchronized) users in DocuWare whose login name does not match the value from the AD attribute, you have to manually adjust the user’s name in DocuWare so that it can be successfully matched during synchronization.
- Local AD: For more information on the option "Include users in selected groups who are not found in the selected user node" please see KBA-36995 - How to synchronize only members of a selected group?
- Azure AD: If you wish to synchronize all users in the selected groups, you can enable the option "Include users in selected groups who are not found in the selected user node".
- Select whether you want to create a document tray for each new user created by user synchronization.
- Select if you want to send an email informing the user about the account creation and asking them to set a password. This is usually not desired if you plan to use SSO.
- For Azure AD, please select the groups you want to synchronize individually or use the search.
Note: If you have many groups, you can select them directly from the configuration file. Please get in touch with DocuWare support for further instructions.
- Please select one or more Azure AD groups that contain all users to be synchronized.
- Select the Azure AD attribute you want to use as the login name for the DocuWare users.
- Switch to the next tab, "Group Matching"
- The groups from the external directory are displayed on the left side. If a group does not yet exist in DocuWare, it will be automatically created with the same name as in the external directory.
- If you do not want this, please select an existing group on the right side, create a new group, or exclude the group from synchronization.
- Switch to the "Additional Options" tab.
- This tab is needed only if you plan to use SSO via NTLM (the so-called Windows login). If this is the case, please activate the checkbox. No other settings are needed here.
- Switch to the "Synchronize Users" tab.
- Via "Synchronize now," you can execute the synchronization directly once.
- Create a task in the Windows Task Scheduler from this tab; it executes the synchronization daily at 1 a.m.
Attention: the task must be created by the domain user who will execute the task. To do this, log in to Windows with the same domain user that will later run the Windows task and launch the DocuWare User Synchronization Desktop App. When creating the task, please enter the same domain user, and its password, that you are logged in with and used to start the app.
Please note: this is a client application running on the local device.
- Exit the application and save your configuration.
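A pre-check for the "Match non-synchronized users by name and email" option described above, as an added example that is not part of the original article or of DocuWare's own tooling: it compares existing DocuWare login names with the directory attribute chosen as login name and lists the accounts that would need a manual rename before synchronization. The sample data, the format of the DocuWare user list, the OU path and the use of SamAccountName as the login attribute are assumptions.

```powershell
# Constructed sample data; not taken from any real system.
# In practice the directory side would come from the OU selected for user sync, e.g.
# (OU path and SamAccountName as login attribute are assumptions):
#   Get-ADUser -SearchBase 'OU=Staff,DC=example,DC=com' -Filter * -Properties mail |
#       Select-Object @{n='Login';e={$_.SamAccountName}}, @{n='Email';e={$_.mail}}
$adUsers = @(
    [pscustomobject]@{ Login = 'jdoe';   Email = 'jdoe@example.com' }
    [pscustomobject]@{ Login = 'asmith'; Email = 'asmith@example.com' }
    [pscustomobject]@{ Login = 'mbrown'; Email = 'mbrown@example.com' }
)
# Hypothetical list of existing, non-synchronized DocuWare users (column names are assumptions).
$dwUsers = @(
    [pscustomobject]@{ Name = 'jdoe';       Email = 'jdoe@example.com' }
    [pscustomobject]@{ Name = 'ASmith';     Email = 'asmith@example.com' }
    [pscustomobject]@{ Name = 'Mary Brown'; Email = 'mbrown@example.com' }
    [pscustomobject]@{ Name = 'svc_scan';   Email = '' }
)

function Compare-SyncCandidates {
    param([object[]]$DocuWareUsers, [object[]]$DirectoryUsers)

    foreach ($dw in $DocuWareUsers) {
        # Case-insensitive lookup by login name, then by e-mail address.
        $byName  = $DirectoryUsers | Where-Object { $_.Login -ieq $dw.Name } |
                   Select-Object -First 1
        $byEmail = $DirectoryUsers | Where-Object { $dw.Email -and $_.Email -ieq $dw.Email } |
                   Select-Object -First 1

        if ($byName -and $byName.Login -ceq $dw.Name) {
            $status = 'Match';           $login = $byName.Login   # identical login name
        } elseif ($byName) {
            $status = 'CaseDiffers';     $login = $byName.Login   # same name, different case
        } elseif ($byEmail) {
            $status = 'RenameNeeded';    $login = $byEmail.Login  # same person by e-mail only
        } else {
            $status = 'NoDirectoryUser'; $login = $null           # local-only account
        }

        [pscustomobject]@{
            DocuWareName   = $dw.Name
            Status         = $status
            DirectoryLogin = $login
            EmailMatches   = [bool]($byName -and $dw.Email -and $byName.Email -ieq $dw.Email)
        }
    }
}

Compare-SyncCandidates -DocuWareUsers $dwUsers -DirectoryUsers $adUsers | Format-Table -AutoSize
```

Rows with status CaseDiffers are reported separately because the article does not say whether the comparison ignores case; NoDirectoryUser rows are accounts that stay local-only after synchronization and are worth reviewing.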
Troubleshooting:
KBA-36843 - DocuWare User Synchronisation Desktop App - User is not created
KBA is applicable to both Cloud and On-premise Organizations.