If your law firm uses Azure AD (Entra ID) or another identity provider for single sign-on with NetDocuments, you’ve probably noticed the “Delete Federated users from NetDocuments” checkbox when removing users. This small checkbox can create significant confusion about what actually happens during user deletion—especially regarding your Azure AD configuration and user audit trails.
Let’s clear up the confusion and help you avoid common pitfalls.
What the Checkbox Actually Does
When you check “Delete Federated users from NetDocuments,” the system performs a more thorough deletion that affects federated identity mappings. According to NetDocuments support documentation, this action has an important consequence: the user’s name is removed from document history and audit trails, leaving only their user ID.
This means:
- Document version history will show only the user ID (like “12345”) instead of “John Smith”
- Audit trails lose the human-readable name association
- Historical tracking of user activity becomes more difficult to interpret
The Azure AD Disconnect You Need to Know About
Here’s what many administrators don’t realize: checking this box does NOT remove the user from the NetDocuments Enterprise Application in Azure AD.
The deletion operation only affects the NetDocuments side of the relationship. It doesn’t communicate back to Azure AD to clean up the user assignment there. After deleting a federated user from NetDocuments (even with the checkbox selected):
- The user assignment to NetDocuments in Azure AD remains intact
- The user still appears as assigned to the NetDocuments app
- No automatic cleanup occurs in your identity provider
This is because the sync relationship between Azure AD and NetDocuments is one-way—Azure pushes user information to NetDocuments, but NetDocuments doesn’t push deletions back to Azure.
When You SHOULD Check This Box
The only scenario where you’d want to check “Delete Federated users from NetDocuments” is when you’re removing a user and then adding a new user with the exact same email address.
Common examples include:
- Generic role-based accounts like receptionist@lawfirm.com
- Shared position emails like lawclerk@lawfirm.com
- Office manager or other role accounts that transfer between employees
In these cases, deleting the federated user mapping allows you to cleanly reassign the email address to a new person without authentication conflicts.
When You Should NOT Check This Box
For standard user departures (attorneys, paralegals, staff leaving the firm), do NOT check this box. Here’s why:
- Preserve audit trails – Keeping user names in document history is crucial for compliance, litigation support, and institutional knowledge
- Maintain accountability – Future reviews of documents will show who actually worked on them
- Avoid confusion – Audit reports with user IDs instead of names create unnecessary work during reviews
The Safe Two-Step User Removal Process
For standard employee departures, follow this workflow:
Step 1: Delete from NetDocuments
- Navigate to Administration > Users
- Select the user to remove
- Click Delete
- Leave “Delete Federated users from NetDocuments” UNCHECKED
- Confirm deletion
Step 2: Clean Up Azure AD (Don’t Forget This!)
- Go to Azure AD > Enterprise Applications > NetDocuments
- Navigate to Users and groups
- Remove the user assignment
- Confirm removal
This ensures the user is correctly removed from both systems while preserving valuable audit trail information.
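To catch assignments that Step 2 missed in earlier departures, the following added example (not from the original article or from NetDocuments) uses the Microsoft Graph PowerShell module to list users still assigned to the enterprise application who no longer appear in a list of current NetDocuments users. The app display name, the CSV file name and its Email column, and matching on the Entra mail or UPN are assumptions to adjust for your tenant.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module.
param(
    [string]$AppDisplayName = 'NetDocuments',             # assumed enterprise app name in your tenant
    [string]$NdUserExport   = '.\netdocuments-users.csv', # hypothetical export with an 'Email' column
    [switch]$Remove                                        # without this switch the script only reports
)

Connect-MgGraph -Scopes 'Application.Read.All', 'User.Read.All', 'AppRoleAssignment.ReadWrite.All'

# Addresses that still exist in NetDocuments, compared case-insensitively
$ndEmails = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
Import-Csv -Path $NdUserExport | ForEach-Object { [void]$ndEmails.Add($_.Email.Trim()) }

# Resolve the enterprise application (service principal); stop if the name is ambiguous
$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$AppDisplayName', found $($sp.Count)."
}

# Everything listed under "Users and groups" for that application
$assignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp[0].Id -All

$orphans = foreach ($a in $assignments) {
    # Group-based assignments are skipped: review those through group membership instead
    if ($a.PrincipalType -ne 'User') { continue }

    $u = Get-MgUser -UserId $a.PrincipalId -Property 'id,displayName,mail,userPrincipalName'
    $stillInNd = @($u.Mail, $u.UserPrincipalName) | Where-Object { $_ -and $ndEmails.Contains($_) }

    if (-not $stillInNd) {
        [pscustomobject]@{
            DisplayName  = $u.DisplayName
            UPN          = $u.UserPrincipalName
            AssignedOn   = $a.CreatedDateTime
            AssignmentId = $a.Id
        }
    }
}

$orphans | Format-Table -AutoSize

# Optional cleanup: prompts before each removal
if ($Remove) {
    foreach ($o in $orphans) {
        Remove-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp[0].Id `
            -AppRoleAssignmentId $o.AssignmentId -Confirm
    }
}
```

Run it without `-Remove` first and review the table; users who reach the application through an assigned group will not appear and must be removed from that group instead.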
Best Practice: Save User Information First
Before deleting any user (whether checking the box or not), consider documenting:
- User ID and associated name
- Email address
- Recent document activity
- Any group memberships
This creates a reference point if questions arise later about historical document work.
The Bottom Line
The “Delete Federated users from NetDocuments” checkbox serves a very specific purpose: cleaning up federated identity mappings when reassigning email addresses. For 99% of user deletions, you should leave it unchecked to preserve audit trails and document history.
And remember: deleting a user from NetDocuments never automatically cleans up Azure AD. Always perform both steps to maintain a tidy identity management environment.
Need help with NetDocuments user management or SSO configuration? At Optiable, we’ve handled user provisioning and identity management for over 540 NetDocuments implementations. Whether you’re setting up new federation, troubleshooting sync issues, or establishing best practices for user lifecycle management, we can help. Contact us to discuss your NetDocuments environment.

