Azure Single Sign On Configuration Guide

This guide provides detailed steps on setting up single sign-on (SSO) for Egnyte using Microsoft Entra ID (previously Azure Active Directory or Azure AD).

Prerequisites

  1. Microsoft Azure plan should allow the creation of a custom, non-gallery application.
  2. If there is a local Active Directory present, it should be synced with Entra ID. Refer to this Microsoft article.
  3. Do not add the Egnyte App from the Entra App Gallery; add a custom app as described below.
  4. Egnyte recommends setting up a separate application for every Egnyte domain:
    Example:
    Name of application    Provisioning for    Single Sign-On for
    Egnyte US West         acmeusw             acmeusw
    Egnyte US East         acmeuse             acmeuse
    Egnyte EMEA            acmeemea            acmeemea

    Although it is possible to set up SSO within one application, Egnyte does not recommend it.

Configuration

Creating Enterprise application for SSO

  1. Log in to Azure Portal.
  2. Go to Enterprise Applications in the Microsoft Entra ID section.
  3. Click on + New application button and then + Create your own application. This can require a specific plan that might include additional costs. 
  4. Enter a name for the App to easily identify it later and select the option Integrate any other application you don't find in the gallery (Non Gallery). Click on Create button.
  5. Alternatively, the user can select the app from the recommendations and click on the Create button.
    The application will be created within a few seconds.

Configure Microsoft Entra ID Single Sign-On (SSO)

This section will show the steps to enable Microsoft Entra ID SSO and configure it in the Egnyte application.

  1. In the previous section after creating the App, it will automatically open the App overview page. If it doesn't automatically open or if the page was exited then click on the app name in the enterprise applications page to access it again. Select Single sign-on from the left side menu.
  2. Select SAML from the available options.
  3. Click on Edit Under Basic SAML Configuration and fill in the details as mentioned below.
    • Click on the Add Identifier link under Identifier (Entity ID) and enter the URL https://saml-auth.egnyte.com/.
      If you have more than one Egnyte domain and want to set up a separate application for each of them within the same tenant, navigate to Egnyte WebUI -> Settings -> Security & authentication, enable the switch "Use domain-specific Issuer value" (see the Egnyte Configuration section below), and set Identifier (Entity ID) to https://<domainname>.egnyte.com or the custom access URL (if any).
    • Click on Add reply URL link and fill in Reply URL (Assertion Consumer Service URL) with the pattern shown in the screenshot (Azure SSO - Add reply URL.png).
    • Fill in Sign on URL with the URL of your domain: https://<domainname>.egnyte.com/
      or the custom access URL if your Egnyte domain is tied to one.
    • Click the Save icon on the top and, after the changes are saved, go back to Set up Single Sign-On.

      It may take a couple of minutes before the changes take effect on the Entra side.

  4. Download the Federation Metadata XML.


Egnyte Configuration

  1. In a different web browser window, log in to Egnyte as an Administrator, open the menu, and click Settings. Click the Configuration tab, and then click Security & authentication.
  2. In the Single Sign-On Authentication section in Egnyte, perform the following steps:
    • Single sign-on authentication: SAML 2.0
    • Identity provider: AzureAD
    • Click on import metadata XML file and choose the downloaded file from Entra.
    • Default user mapping: Email address
    • Use domain-specific issuer value: enable if you are going to configure multiple Egnyte domains within one Entra Tenant.
  3. Click Save.

Test Microsoft Entra ID SSO

In this section, details are included to test Microsoft Entra ID SSO with Egnyte with a test user called "Britta Simon."

For SSO to work, Microsoft Entra ID needs to know which Egnyte user corresponds to each Microsoft Entra ID user. In other words, a relationship between a Microsoft Entra ID user and the related user in Egnyte needs to be established.

In Egnyte, assign the Username value (also known as UPN) in Microsoft Entra ID as the value of the idpusername to establish the link relationship.

To configure and test Microsoft Entra ID SSO with Egnyte, complete the following steps:

  1. Create a Microsoft Entra ID Test User: To test Microsoft Entra ID SSO with Britta Simon.
  2. Create an Egnyte Test User: To have a counterpart of Britta Simon in Egnyte linked to the Microsoft Entra ID representation of the user.
  3. Assign the Microsoft Entra ID Test User: To enable Britta Simon to use Microsoft Entra ID SSO.
  4. Test Single Sign-On: To verify the configuration was set up properly.

Create a Microsoft Entra Test User

The objective of this section is to create a test user in the Entra portal called Britta Simon.

Create Azure AD User

  1. In the Entra portal on the left navigation pane, click the Users icon.
  2. Click New user on the top of the screen.

  3. On the User Dialog page, perform the following steps:

    a. Name: BrittaSimon (without spaces)
    b. User name: Email address of Britta Simon.
    c. Select Show Password and write down the value of the password.
  4. Click Review + Create.

Create an Egnyte Test User

To enable Microsoft Entra ID users to log into Egnyte, they must be provisioned in Egnyte. With Egnyte, you can manually enter your users or use a CSV file to import them. We'll show you how to add a user manually, but you can read more about importing users here.

  1. Log into Egnyte as an Administrator, open the menu, and click Settings. Click the Users & Groups tab, and then click Add New Account.

  2. From the drop-down, select the type of user to add. In our example, we'll add Britta as a Power User.
  3. In the New Power User section, perform the following steps:
    a. Type the First and Last Name, Email, and Username of the Entra ID account you want to provision.
    b. Authentication Type: Single Sign-On
    c. Set IdP Username to match the UPN from Entra.
  4. Click Save.

    For existing users, find the user in the Users & Groups tab, hover over the user and click Details, and click Edit user profile. Make sure all of the details match the user in Entra ID, change the Authentication type to Single Sign-On, set IdP Username, and click Save.


Assign the Microsoft Entra ID Test User

This section covers the steps to enable Britta Simon to use Entra SSO.

  1. In the Entra portal, open the SSO application.
  2. In the menu on the left, click Users and groups.

  3. Click the + Add User/Group button.
  4. Click on None selected:
  5. In the search box, search for Britta Simon and select the user.
  6. Click Select at the bottom.
  7. Click Assign to confirm the choice.

Test Single Sign-On

Test the setup by having a user log in to Egnyte with their Microsoft Entra ID credentials.

All SSO-authenticated users will be redirected to your SSO page when attempting to log in to Egnyte.

Best Practices and Additional Notes

  1. Egnyte recommends having at least one admin account with Egnyte authentication in case of SSO provider failure.
  2. By default, Single Sign-On is available only for Admins and Power Users.
