This guide will walk you through how to set up single sign-on (SSO) for Egnyte using Azure Active Directory.
To configure the integration of Egnyte into Azure AD, you need to add Egnyte from the gallery to your list of managed SaaS apps.
To add Egnyte from the gallery, perform the following steps:
In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
Navigate to Enterprise applications. Then, click All applications.
To add a new application, click the New application button at the top of the dialog.
In the search box, type Egnyte.
In the results panel, select Egnyte, and then click the Add button to add the application.
In this section, we'll show you how to enable Azure AD SSO in the Azure portal and configure it in your Egnyte application.
In the Azure portal, on the Egnyte application integration page, click Single sign-on.
On the Single sign-on dialog, select Mode as SAML-based Sign-on to enable SSO.
On the Egnyte Domain and URLs section, perform the following steps:
In the Sign-on URL textbox, type a URL using the following pattern: https://<domainname>.egnyte.com
Check the box for Show advanced URL settings and enter the following URL in the Identifier field: https://saml-auth.egnyte.com
On the SAML Signing Certificate section, click Certificate (Base64) and then save the certificate file on your computer.
Click the Save button.
On the Egnyte Configuration section, click Configure Egnyte to open the Configure sign-on window. Copy the SAML Entity ID and the SAML Single Sign-On Service URL from the Quick Reference section.
In a different web browser window, log into Egnyte as an administrator, open the menu, and click Settings. Click the Configuration tab, and then click Security.
In the Single Sign-On Authentication section, perform the following steps:
a. Single sign-on authentication: SAML 2.0
b. Identity provider: AzureAD
c. Paste the SAML Single Sign-On Service URL copied from Azure portal into the Identity provider login URL textbox.
d. Paste the SAML Entity ID which you copied from Azure portal into the Identity provider entity ID textbox.
e. Open your Base64-encoded certificate (downloaded from the Azure portal) in Notepad, copy its contents to your clipboard, and then paste them into the Identity provider certificate text box. Be sure to remove the BEGIN and END delimiter lines.
f. Default user mapping: Email address
g. Use domain-specific issuer value: disabled
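Step e can be scripted so that the pasted value is checked rather than hand-edited. The following is an added example, not Egnyte or Microsoft code: it strips the BEGIN and END lines, confirms the file holds exactly one certificate and no private key, and returns fingerprints to compare against the thumbprint shown for the signing certificate in the Azure portal. The function name `certificate_body` and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block; tolerates CRLF line endings from Windows editors.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL
)


def certificate_body(pem_text):
    """Return (body, sha1_thumbprint, sha256_fingerprint) for a single PEM certificate.

    body is the Base64 text with the BEGIN/END lines and all whitespace removed.
    """
    text = pem_text.lstrip("\ufeff")  # drop a byte order mark if the editor added one
    if "PRIVATE KEY" in text:
        raise ValueError("file contains a private key; paste only the public certificate")
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate block, found {len(blocks)}")
    body = "".join(blocks[0].split())
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError("certificate body is not valid Base64") from exc
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not start with an ASN.1 SEQUENCE")
    sha1 = hashlib.sha1(der).hexdigest().upper()
    sha256 = hashlib.sha256(der).hexdigest().upper()
    return body, sha1, sha256


# Constructed stand-in bytes, NOT a real certificate: a SEQUENCE tag, a length, filler.
SAMPLE_DER = b"\x30\x0c" + b"constructed!"
SAMPLE_PEM = (
    "\ufeff-----BEGIN CERTIFICATE-----\r\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\r\n-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    body, sha1, sha256 = certificate_body(SAMPLE_PEM)
    print("Paste into Identity provider certificate:", body)
    print("SHA-1 thumbprint:", sha1)
    print("SHA-256 fingerprint:", sha256)
```

To use it on the downloaded file, read the file as text and pass the contents to `certificate_body`.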
In this section, you'll test Azure AD SSO with Egnyte with a test user called "Britta Simon."
For SSO to work, Azure AD needs to know what the counterpart user in Egnyte is to a user in Azure AD. In other words, a relationship between an Azure AD user and the related user in Egnyte needs to be established.
In Egnyte, assign the value of the user name in Azure AD as the value of the Username to establish the link relationship.
To configure and test Azure AD SSO with Egnyte, you need to complete the following steps:
- Create an Azure AD Test User: To test Azure AD SSO with Britta Simon.
- Create an Egnyte Test User: To have a counterpart of Britta Simon in Egnyte that is linked to the Azure AD representation of the user.
- Assign the Azure AD Test User: To enable Britta Simon to use Azure AD SSO.
- Test Single Sign-On: To verify the configuration was set up properly.
The objective of this section is to create a test user in the Azure portal called Britta Simon.
- In the Azure portal on the left navigation pane, click the Azure Active Directory icon.
- To display the list of users, go to Users and groups and click All users.
- To open the User dialog, click Add on the top of the dialog.
- On the User dialog page, perform the following steps:
a. Name: BrittaSimon (without spaces)
b. User name: Email address of BrittaSimon.
c. Select Show Password and write down the value of the password.
- Click Create.
To enable Azure AD users to log into Egnyte, they must be provisioned in Egnyte. With Egnyte, you can manually enter your users or you can use a CSV file to import them. We'll show you how to manually add a user, but you can read more about importing users here.
- Log into Egnyte as an Administrator, open the menu, and click Settings. Click the Users & Groups tab, and then click Add New User.
- From the drop-down, select the type of user you want to add. In our example, we'll add Britta as a Power User.
- In the New Power User section, perform the following steps:
a. Type the First and Last Name, Email, and Username of the Azure Active Directory account you want to provision.
b. Authentication Type: Single Sign-On
- Click Save.
Note: For existing users, find the user in the Users & Groups tab, hover over the user and click Details, and click Edit user profile. Make sure all of the details match the user in Azure Active Directory, change the Authentication type to Single Sign-On, and click Save.
In this section, you'll enable Britta Simon to use Azure SSO.
- In the Azure portal, open the applications view.
- Navigate to the directory view, select Enterprise applications (under Manage), then click All applications.
- In the applications list, select Egnyte.
- In the menu on the left, click Users and groups.
- Click the + Add button. Then select Users and groups on the Add Assignment dialog.
- On the Users and groups dialog, select Britta Simon in the Users list.
- Click Select on the Users and groups dialog.
- Click Assign on the Add Assignment dialog.
Test the setup by having a user log in to Egnyte with their Azure AD credentials.
Note: All SSO-authenticated users will be redirected to your SSO page when attempting to log in to Egnyte.