This article assumes you have the necessary rights to add Enterprise Applications to Azure AD and have Repository Administrator rights with NetDocuments.


Once enabled this will allow users to log in to NetDocuments with their Microsoft 365 Accounts instead of NetDocuments username and password.



Instructions


WorkCloud team will provide you with your REPOSITORY ID - this will be required later in the process.


Log into Azure https://portal.azure.com then click on 'AZURE ACTIVE DIRECTORY' then  'ENTERPRISE APPLICATIONS'



Then click on 'NEW APPLICATION'



From the Azure AD Gallery search for NetDocuments ( shown as 1) as shown then click on the tile called NetDocuments (shown as point 2)



Then click on SINGLE SIGN-ON




then click on the tile called SAML



Then in the click CREATE - note this 



Note this may take up to 30 sections to add.  You can keep an eye on progress from the Azure notifications icon in the top right



Once Azure has added the NetDocuments Enterprise Application you will be redirected to this screen. Then click on 1.Assign users and groups



 

This allows you to define which users and which groups of users can use this method of Authentication for NetDocuments. 


If you dont have a group to choose from you may want to pause here and create a security group.

We recommend you create a Security Group for which has all staff members in that group that require access to NetDocuments. 

This means that when you add new staff to Office 365 you will need to add them to this group to allow them to gain access to NetDocuments. Here is a link to the guide from Microsoft regarding how to create new groups in Azure. - 

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal



Click Add User/Group to select the groups required  (we recommend a group being used that contains all your users for simplicity of administration ie just add one group rather than adding each user individually)



Now click 'None selected'




Now select the group of users or individual users required



Then click Assign



Once don your screen should look like this


Now click on Single Sign-on and then the SAML Tile



On this page click on the EDIT button for the Basic SAML Configuration section.

Then on the settings pane that comes up enter the following



Identity (Entity ID)


Enter the following if you are in Australia - HTTP://netdocuments.com/AU    (this is case sensitive)


Tick the box as Default so that your system talks to the AU instance of NetDocuments. (Important!)


If you are in America then leave this as is

If you are in the EU or UK then change this to be HTTP://netdocuments.com/EU


Reply URL (assertion Consumer Service URL)


Enter the following https://au.netdocuments.com/neWeb2/docCent.aspx?whr=<REPOSITORY_ID>  


Ensuring your replace  <REPOSITORY_ID> with your unique code that is called your Repository ID. that was provided to you from WorkCloud.


Sign on URL


Enter the following https://au.netdocuments.com/neWeb2/docCent.aspx?whr=<REPOSITORY_ID>  


Ensuring your replace  <REPOSITORY_ID> with your unique code that is called your Repository ID. that was provided to you from WorkCloud.


Now click save as shown here.



Azure will prompt you to test at this point, click NO, I'll test later as you have more settings to enable.


Time out Claims


Time out claims allows you to extend the duration before NetDocuments will automatically log out and require your users to log back in.


Time out claims are based in Minutes ie 4 hours is  240 minutes, 8 hours is 480 minutes.


Please take the security of your data seriously at this point and don't have this number too high. Even if staff work for 8 hours they will use NetDocuments a few times within 4 hours. So consider this choice wisely as to not expose your NetDocuments system to remain logged in for too long of inactivity.

.

Click on EDIT of the User Attribute and Claims section as shown


Click on ADD NEW CLAIM



In the NAME box enter the following


http://netdocuments.com/2014/identity/claims/sessiontimeout


Then in the SOURCE ATTRIBUTE click the dropdown box and then simply type in the number of minutes you want to extend the time out for. Once you see the number with Quotes around it, simply select it. 

Then click SAVE



Now navigate back to your 'SAML' by clicking on its name. then click on the download link for Federation Metadata XML in section 2 called SAML Signing Certificate




Please provide this XML file to your WorkCloud Consultant.