This article will walk you through how to set up SSO for Egnyte using Okta. We'll also show you how to provision users from Okta to Egnyte once it has been set up.
Set up Okta for Egnyte
1. Log in to Okta. Click on the Admin button to enter the administrative view.
2. Under the Applications tab, search for Egnyte by clicking Add Application.
3. Click the General tab. Enter the following settings.
- Application Label: label that Egnyte will have on your Okta homepage, e.g. "Egnyte".
- Egnyte Sub-Domain: Your Egnyte account domain, <yourdomain.egnyte.com>. If you log into "https://acme.egnyte.com", you would just type "acme" here.
- Application Visibility: Leave unchecked. This allows users to see the Egnyte application on the Okta homepage.
4. Click Next to access the Sign On tab. Select the SAML 2.0 option.
Note: Click the View Setup Instructions button and keep the instructions that pop up open in a separate tab. We will revisit them in a few steps.
5. Please refer to the Provisioning Okta section for provisioning users already in Okta to Egnyte.
6. On Egnyte's application configuration page in Okta you can change settings and grant users access to Egnyte. First, you will need to log into your Egnyte account to enable SSO. Use the Configure Egnyte Settings for Okta article for detailed instructions.
Import Users into Okta
1. Log into Egnyte through the Web UI. Navigate to Settings, and click on the Users & Groups tab.
2. Click Import Users.
3. In the import dialog, click Download Sample File to download the sample user provisioning .csv file.
4. Open the downloaded .csv file in Microsoft Excel and fill out the columns with the following values:
Here's an example of how it will look in Microsoft Excel:
Note: Periods, underscores, and hyphens can be placed in usernames; however, usernames cannot begin with these symbols nor can a username end with a period.
5. Save the file in .csv format.
6. Upload the file to Egnyte by clicking Choose file.
7. If you are using the spreadsheet to create new employee accounts in Egnyte, select the checkbox Allow the creation of new users. If your employees already have accounts in Egnyte and you are now allowing them to have SSO access, select Allow updating of existing users. When updating existing employees, you will only need to complete the Username, AuthType, and ldpUserID columns; the rest can be left blank.
8. Click Import and wait for the confirmation email that indicates your user import has completed.
9. Test the setup by logging out of your Egnyte account. You should now see a different login page that now includes a single sign-on option on the right. Click Login and you should be redirected to your SSO provider. Log in. You should be redirected to your Egnyte domain.
Provision Users from Okta
1. To begin, first ensure that your Egnyte application on Okta has been completely configured. Please refer to the steps above.
2. Go to the Provisioning tab in Okta and check the Enable provisioning features box. You will also need to click the Authenticate with Egnyte box to generate the authentication token.
Note: You may have disabled some of the additional features on the Provisioning page. The following steps are assuming that all of the features are enabled.
3. Assign Okta users to Egnyte by going to the People tab and clicking on Assign to People.
Note: Select the user(s) that will be using the Egnyte application.
4. Examine the user information and ensure the following fields contain the correct information.
- User Name – username to be used on Egnyte, please ensure there are no special characters or white spaces in the User Name field. If your users were created to have the domain suffix included (e.g: ‘email@example.com’), then you will need to remove ‘@acme.com’ as Egnyte does not support special characters.
- User Type – Egnyte user type (For more information on each user type, please click here).
- Authentication Type – SSO or Egnyte
5. After finishing the assignment, the user should automatically be provisioned into Egnyte. If the user does not show up in Egnyte, then it is highly likely that the provisioning did not go through due to a Task that appeared. To check this, click My Tasks and correct any that have appeared. The application should be able to provision afterwards.