Overview
With vaults created within the M-Files Cloud environment, you should expect two Microsoft Entra ID applications in your tenant: one for authenticating users and another for provisioning users and user groups from Entra ID to M-Files.
When using M-Files Login Service, the same authentication application, using a single application ID, is shared across all Entra tenants. In contrast, the provisioning application must be created manually for each Entra tenant and will have a unique application ID.
Authentication application
The vault deployment process in M-Files Manage adds an Entra ID authentication configuration using M-Files Login Service and the corresponding Entra ID enterprise application is created in your Entra tenant automatically.
You can identify this configuration in M-Files Admin as "MFLoginService.Default" and on the Entra ID side the corresponding enterprise application is called "M-Files Login Service (CloudOps)".
Further details, including the application ID, are available in Configuring Vault Authentication with M-Files Login Service.
User provisioning application
The second application is used for user provisioning, which means synchronizing users and groups from Entra ID to M-Files using the SCIM protocol. For user provisioning, you have to configure an endpoint in M-Files Manage and then configure an enterprise application in your Entra tenant to provision users and groups towards the endpoint in Manage. Instructions are available in M-Files Manage user guide.
Unlike the authentication application, you can freely name the provisioning application as you like.
