Overview
FilesAnywhere supports SAML 2.0 SSO integration for various identity providers. For SSO integration with FilesAnywhere and SAML 2.0, the AzureAD Administrator needs to configure the FilesAnywhere application as a Trusted application as per the following steps.
Also you will need to request FilesAnywhere to enable the single sign-on functionality.
Things to note:
- Replace <<CLIENTID>> with your Client ID, I.E. 1324
- Replace <<WEBURL>> with your Site URL, I.E. https://private.filesanywhere.com
- Replace any instance below of 2331 with your Client ID, I.E. 1324
AzureAD Setup
- Login to your Azure Portal administration account.
-
In the Azure Portal, navigate to Active Active Directory.
-
Click on Microsoft Entra ID:
-
Create New application:
-
Click Add and then click on Enterprise application:
- Click Create your own application:
-
Choose Intergrate any other application you don’t find in the gallery and click Create
-
Choose Set up single sign on:
-
Choose SAML
-
Choose Basic SAML Configuration and click on Edit
-
Keep Entity ID as below and ACS URL as per your user site URL with ClientID, click Save
Field Name Field Value Reply URL / Assertion Consumer Service (ACS) <<WEBURL>>saml20.aspx?c=<<CLIENTID>> Identifier / Entity ID Filesanywhere.com ClientID <<CLIENTID>> Note: Your ClientID can be found on your login page at the bottom directly under the login box.
-
Step-1 will get updated as below:
-
Edit Attributes and Claims section:
-
Add clientID claim, Click Add new Claim -> Input value as below and Save:
-
Edit all attributes (EmailAddress/FirstName/LastName/UserPrincipalname) as per below steps:
- Update name
-
Remove Namespace value
user.email
user.firstname
user.lastname
userprincipalname
-
Finally all attribute claims will look as below and ClientID should be replaced with your account ClientID:
- Collect and pass on to FilesAnywhere team to update and enable SSO for your account:
Certificate (Base64)
Login URL
-
Assign Users(s) to newly added application:
- (Optional) Assign Group(s) to newly added application from the same area.
See instructions for this below
- In this step you will need to request FilesAnywhere to turn on Single Sign-on for your account and click here to submit it:
- Information collected in above steps:
- Initiate Single Sign On (SSO) URL
- Download Certificate
- If you can provide us with a few test accounts we could test the setup for you.
- Information collected in above steps:
(Optional) Assign Group(s) Provisioning
1. Create the Group in your Admin Console
- Log into your admin console
- Click on Groups
- Click Add Group
- Create your group name and select your division as necessary
- Click on Sharing and set up your GroupShares for this group
- Click Save
2. Enable User SSO Group Mapping under your SSO settings within Site Configuration
- Log into your admin console
- Click on Site Configuration
- Click on Single Sign-On (SSO) Settings
- Navigate to User Self-Enrollment
- Click on "Allow user self-enrollment"
This allows new SSO users to sign in and their accounts are automatically created
- Navigate to User SSO Group Mapping
- Click on Allow SSO Group Mapping
- Click Save Site Configuration
3. Create the group in Entra
- Log into Microsoft Entra
- Click on Users and groups
- Click on Add user/group
- From here you'll need to create the group with the exact same name that you used for the FilesAnywhere group
Login page
Once the Integration is enabled by FilesAnywhere, you will see the SSO button on your login page. Using Use Company Credentials button users can enter their Microsoft Azure AD credential to login into FilesAnywhere.
Still Have Questions?
If you need help or have additional questions, please contact us.
0 Comments