Azure AD authentication instance

This manual lists all the configuration keys that the S-Filer Portal's Configuration CLI can change for the Azure AD authentication instance.

| Configuration key | Description | Default value |
| --- | --- | --- |
| cfg.authentication.azure.adoption.account (Since 4.18.0) | This is the attribute that contains the username to use in the login page. Specify an attribute of the 'User' resource in the Microsoft Graph REST API (e.g., 'userPrincipalName', 'id'). | userPrincipalName |
| cfg.authentication.azure.adoption.client.secret (Since 4.18.0) | This is the client secret used to authenticate when retrieving an authentication token. For more details on this configuration, consult the SAML Configuration Guide. | |
| cfg.authentication.azure.adoption.display.name (Since 4.18.0) | This is the attribute that contains the display name of the user (e.g., 'Jean Martin'). Specify an attribute of the 'User' resource in the Microsoft Graph REST API (e.g., 'displayName', 'userPrincipalName'). | displayName |
| cfg.authentication.azure.adoption.mail (Since 4.18.0) | This is the attribute that contains the email address of the user. Specify an attribute of the 'User' resource in the Microsoft Graph REST API (e.g., 'mail'). | mail |
| cfg.authentication.azure.adoption.token.url (Since 4.18.0) | This URL is used to retrieve the authentication token that is needed to use the Microsoft Graph REST API. For more details on this configuration, consult the SAML Configuration Guide. | |
| cfg.authentication.azure.app.id (Since 4.17.0) | In the Azure portal, the Application ID is a unique, unchangeable identifier that identifies this application. For more details on this configuration, consult the SAML Configuration Guide. | |
| cfg.authentication.azure.saml.app.federation.metadata.url (Since 4.17.0) | This URL is used to retrieve the signing key and the logout URL. For more details on this configuration, consult the SAML Configuration Guide. | |
| cfg.authentication.azure.tenant.id (Since 4.17.0) | The Globally Unique Identifier (GUID) for your Microsoft 365 Tenant. For more details on this configuration, consult the SAML Configuration Guide. | |
| cfg.authentication.baseurl (Since 4.17.0) | The Base URL used in mail notifications for users in this domain. As an example, this allows setting a different URL for employees and partners, assuming they are in different domains and there are multiple web interfaces configured. | https://localhost/sfiler/ |
| cfg.authentication.external.active (Since 4.17.0) | Select « Yes » to enable this authentication mechanism. Remember to turn on the multi-domain feature in the Web GUI configuration to be able to use it in the web interface. | false |
| cfg.authentication.external.adoption (Since 4.18.0) | If this value is positive, adoption is performed for this mechanism. The system will then adopt the user from the external user registry into the S-Filer system. Adoption occurs whenever the adoption task runs. This task can be scheduled in the scheduler section of the server configuration. | false |
| cfg.authentication.external.adoption-rule.activateMailNotification (Since 4.18.0) | Activate the Email Notification parameter for the adopted user. | true |
| cfg.authentication.external.adoption-rule.createGroup (Since 4.18.0) | Determines whether groups retrieved from the repository should be created in S-Filer. | false |
| cfg.authentication.external.adoption-rule.sfilerGroup (Since 4.18.0) | Enter the list of S-Filer groups that should be granted automatically to users once adopted. Enter the group names exactly as they appear in S-Filer, separated by ';'. | |
| cfg.authentication.external.autoenroll (Since 4.17.0) | If auto enrollment is true, authentication for an unknown user account will be attempted and, if it succeeds, the user account will be created in S-Filer. If it is set to false, authentication for an unknown user account won't be attempted, which avoids locking AD/LDAP accounts that are not defined in the adoption policy. | false |
| cfg.authentication.external.default.enrollment.role (Since 4.17.0) | This is the default role assigned to a user who is created in this domain (by adoption or auto enrollment). | 0 |
| cfg.authentication.force.mfa (Since 4.19.0) | Select « Yes » to force all users in this domain to use multi-factor authentication (MFA). A user trying to log in will be forced to configure MFA if they have not already done so. | false |
| cfg.authentication.username.case.sensitive (Since 4.17.0) | Whether accounts in this authentication domain are case sensitive or not. (Example: In Windows, accounts are NOT case sensitive. User 'test' is equivalent to user 'TEST'.) | true |