This guide will walk you through how to set up SSO for Egnyte using Okta.
Set up Okta for Egnyte
1. Log in to Okta. Click on the "Admin" button to enter the administrative view.
2. Under "Applications", search for Egnyte.
3. The Egnyte application is now active.
3. Click on the "General" tab. Enter the following settings.
- Application Label: label that Egnyte will have on your Okta homepage, e.g. "Egnyte".
- Egnyte Sub-Domain: whatever comes before ".egnyte.com" in your Egnyte domain name. If you log into "https://acme.egnyte.com", you would just type "acme" here.
- Application Visibility: Select this option. This allows users to see the Egnyte application on the Okta homepage.
4. Click the "Sign On" tab. Select the "SAML 2.0" option and then click "SAML 2.0 Setup Instructions for Egnyte".
Note the button to "View Setup Instructions" in the box with the yellow panel. Click this button and keep the instructions that pop up open in a separate tab. We will revisit them in a few steps.
5. (Optional) If you have already set up users in your Okta account, you can choose up to 500 of them to access Egnyte at this point. You can always skip this stage and do it later.
6. On Egnyte's application configuration page in Okta you can change settings and grant users access to Egnyte. First, you will need to log into your Egnyte account to enable SSO.
Configure Egnyte Settings for Okta
1. Log into your Egnyte account through the Web UI.
2. Navigate to "Settings" --> "External Authentication" --> "SAML (SSO)".
3. Now, you are going to use those instructions that you have been keeping open in a separate tab. They should look like this:
4. Check the box "Enable SAML (SS0)".
5. Fill in the the sections as follows.
- ldp Name: Choose "Okta" from the dropdown.
- ldP Account Name: Leave this field blank.
- ldP Target URL: Enter whatever appears in the "Copy Okta Login URL". Note that this is a customer-specific URL; you should NOT just enter the information in the screenshot above.
- ldP Issuer URL: Enter whatever appears in the "Copy Okta Entity ID" field. Again, note that this is a customer-specific URL; you should NOT just enter the information in the screenshot above.
6. Click the "Download Okta Certificate" link from the screen depicted on Step 3. Using Note or a similar program, open the SAML Certification. You should see something similar to the image below.
Copy all of the text between the "Begin Certificate" and "End Certificate". Paste that into the "SAML Certificate" field.
7. Click on "Save". SSO access via Okta is now configured for your Egnyte account.
Import Users into Okta
1. Log into Egnyte through the Web UI. Navigate to "Settings" --> "Users & Groups" --> "Power Users".
2. Click the "Import" button.
3. In the import dialog, click on "Download Sample File" to download the sample user provisioning CSV file.
4. Open the downloaded CSV file in Microsoft Excel and fill out the columns with the following values:
Here's an example of how it will look in Microsoft Excel:
Note: Periods, underscores, and hyphens can be placed in usernames; however, usernames cannot begin with these symbols nor can a username end with a period.
5. Save the file in CSV format.
6. Upload the File to Egnyte by clicking on "Choose File" in the "Import Users" dialog and selecting the file you just saved.
7. If you are using the spreadsheet to create new employee accounts in Egnyte, select the checkbox "Allow the creation of new users". If your employees already have accounts in Egnyte and you are now allowing them to have SSO access, select "Allow updating of existing users". When updating existing employees, you will only need to complete the Username, AuthType, and ldpUserID columns; the rest can be left blank.
8. Click "Import" and wait for the confirmation email that indicates your user import has completed.
9. Test the setup by logging out of your Egnyte account. You should now see a different login page that now includes a single sign-on option on the right. Click "Login" and you should be redirected to your SSO provider. Log in. You should be redirected to your Egnyte domain.