This guide will walk you through how to set up single sign-on (SSO) for Egnyte using Azure Active Directory.

Add Egnyte from the Gallery

Configure Azure AD Single Sign-On (SSO)

Test Azure AD SSO

Additional Resources

Add Egnyte from the Gallery

To configure the integration of Egnyte into Azure AD, you need to add Egnyte from the gallery to your list of managed SaaS apps.

To add Egnyte from the gallery, perform the following steps:

  1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.


  2. Navigate to Enterprise applications. Then, click All applications.


  3. To add a new application, click New application at the top of the dialog.


  4. In the search box, type Egnyte.


  5. In the results pane, select Egnyte, and then click the Add button to add the application.


 

Configure Azure AD Single Sign-On (SSO)

In this section, we'll show you how to enable Azure AD SSO in the Azure portal and configure it in your Egnyte application.

  1. In the Azure portal, open the Egnyte application integration page and click Single sign-on.


  2. On the Single sign-on dialog, select Mode as SAML-based Sign-on to enable SSO.


    Note: At the top of the page, you can switch between the old and new experience. Both options work correctly with Egnyte; however, there are certain differences in how they are handled.

New Experience:

In step 1 select the Edit icon in the top right corner.

  • Click the Save icon at the top and, after the changes are saved, go back to Set up Single Sign-On.

    Note: It may take a couple of minutes before changes take effect on the Azure side.

  • In step 3 download the Certificate (Base64)


  • In step 4 copy the Login URL and AzureAD Identifier.


  • Continue to the Egnyte Configuration section

Old Experience

  • In the Sign-on URL textbox, type a URL using the following pattern: https://<domainname>.egnyte.com

  • In the Identifier (Entity ID) type the following: https://saml-auth.egnyte.com/

  • Check the box for Show advanced URL settings and enter the following URL in the Reply URL (Assertion Consumer Service URL) with the following pattern:

  • Click Save.

    Note: It may take a couple of minutes before changes take effect on the Azure side.
  • Go to the bottom of the page and click Configure <domainname>.

  • Scroll down to the Quick Reference section and copy the following:

    • Azure AD Single Sign-On Service URL

    • Azure AD SAML Entity ID

    • Download the Azure AD Signing Certificate (Base64 encoded)


Egnyte Configuration

  1. In a different web browser window, log into Egnyte as an Administrator, open the menu, and click Settings. Click the Configuration tab, and then click Security.



  2. In the Single Sign-On Authentication section in Egnyte, perform the following steps:
    • Single sign-on authentication: SAML 2.0
    • Identity provider: AzureAD
    • In the Identity provider login URL textbox paste either:
    • In the Identity provider entity ID textbox paste either:
      • Azure AD SAML Entity ID copied from Azure portal (old experience)
      • Azure AD Identifier copied from Azure portal (new experience)

        Note: In both cases, the ID will have the following pattern: https://sts.windows.net/<app_id>/
    • Open the Base64-encoded certificate (downloaded from the Azure portal) in Notepad, copy its contents to your clipboard, and then paste them into the Identity provider certificate text box. Be sure to remove the BEGIN and END delimiter lines.
    • Default user mapping: Email address
    • Use domain-specific issuer value: disable

  3. Click Save
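
The following is an added example, not part of Egnyte's or Microsoft's documentation: a check to run on the values from step 2 before pasting them into Egnyte. It strips the delimiter lines from the downloaded certificate, rejects a file that is not a single certificate (for instance a private key), and tests the entity ID against the pattern noted above. The function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import urlsplit

# Pattern stated in the guide: https://sts.windows.net/<app_id>/
ENTITY_ID_RE = re.compile(r"^https://sts\.windows\.net/[^/\s]+/$")

def cert_body_for_egnyte(pem_text):
    """Return (body, sha256_hex) for a Base64 (PEM) certificate file.

    body is the file content without the BEGIN/END delimiter lines;
    sha256_hex is the fingerprint of the decoded certificate bytes.
    """
    lines = [ln.strip() for ln in pem_text.strip().splitlines() if ln.strip()]
    begins = [ln for ln in lines if ln.startswith("-----BEGIN")]
    # Refuse bundles and anything that is not a certificate (e.g. a private key).
    if begins != ["-----BEGIN CERTIFICATE-----"]:
        raise ValueError("expected exactly one CERTIFICATE block")
    body_lines = [ln for ln in lines if not ln.startswith("-----")]
    try:
        der = base64.b64decode("".join(body_lines), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid Base64: {exc}") from None
    if not der or der[0] != 0x30:  # X.509 DER starts with a SEQUENCE tag
        raise ValueError("decoded data is not a DER-encoded certificate")
    return "\n".join(body_lines), hashlib.sha256(der).hexdigest()

def check_idp_values(login_url, entity_id):
    """Return a list of problems with the two identity provider fields."""
    problems = []
    parts = urlsplit(login_url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("login URL must be an https:// URL")
    if not ENTITY_ID_RE.match(entity_id):
        problems.append("entity ID does not match https://sts.windows.net/<app_id>/")
    return problems

# Constructed sample: placeholder bytes shaped like DER, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"\x00" * 10
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    body, fingerprint = cert_body_for_egnyte(SAMPLE_PEM)
    print(body)
    print("SHA-256:", fingerprint)
```

Recording the fingerprint at setup time gives you a reference value to compare against if the identity provider certificate is later replaced.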

 

Test Azure AD SSO

In this section, you'll test Azure AD SSO with Egnyte with a test user called "Britta Simon."

For SSO to work, Azure AD needs to know which user in Egnyte corresponds to each user in Azure AD. In other words, a relationship between an Azure AD user and the related user in Egnyte needs to be established.

In Egnyte, assign the value of the user name in Azure AD as the value of the Username to establish the link relationship.

To configure and test Azure AD SSO with Egnyte, you need to complete the following steps:

  1. Create an Azure AD Test User: To test Azure AD SSO with Britta Simon.
  2. Create an Egnyte Test User: To have a counterpart of Britta Simon in Egnyte that is linked to the Azure AD representation of the user.
  3. Assign the Azure AD Test User: To enable Britta Simon to use Azure AD SSO.
  4. Test Single Sign-On: To verify the configuration was set up properly.

Create an Azure AD Test User

The objective of this section is to create a test user in the Azure portal called Britta Simon.

Create Azure AD User

  1. In the Azure portal on the left navigation pane, click the Azure Active Directory icon.


  2. To display the list of users, go to Users and click All users.


  3. Click New user on the top of the screen.


  4. On the User Dialog page, perform the following steps:


    a. Name: BrittaSimon (without spaces)
    b. User name: Email address of Britta Simon.
    c. Select Show Password and write down the value of the password.
  5. Click Create.

 

Create an Egnyte Test User

To enable Azure AD users to log into Egnyte, they must be provisioned in Egnyte. With Egnyte, you can manually enter your users, or you can use a CSV file to import them. We'll show you how to add a user manually, but you can read more about importing users here.

  1. Log into Egnyte as an Administrator, open the menu, and click Settings. Click the Users & Groups tab, and then click Add New Account.



  2. From the drop-down, select the type of user you want to add. In our example, we'll add Britta as a Power User.
  3. In the New Power User section, perform the following steps:
    a. Type the First and Last Name, Email, and Username of the Azure Active Directory account you want to provision.
    b. Authentication Type: Single Sign-On

  4. Click Save.

    Note: For existing users, find the user in the Users & Groups tab, hover over the user and click Details, and click Edit user profile. Make sure all of the details match the user in Azure Active Directory, change the Authentication type to Single Sign-On, and click Save.


Assign the Azure AD Test User

In this section, you'll enable Britta Simon to use Azure SSO.

  1. In the Azure portal, open the applications view.
  2. Navigate to the directory view, select Enterprise applications (under Manage), then click All applications.


  3. In the applications list, select Egnyte.


  4. In the menu on the left, click Users and groups.


  5. Click the + Add user button. Then select Users and groups on the Add Assignment dialog.


  6. On the Users and groups dialog, select Britta Simon in the Users list.
  7. Click Select on the Users and groups dialog.
  8. Click Assign on the Add Assignment dialog.

Test Single Sign-On

Test the setup by having a user log in to Egnyte with their Azure AD credentials.

Note: All SSO-authenticated users will be redirected to your SSO page when attempting to log in to Egnyte.

Additional Resources

Creating an Azure AD test user

Creating an Egnyte test user

Assigning the Azure AD test user

Testing Single Sign-On