Azure Single Sign On Configuration Guide

This guide will walk you through setting up single sign-on (SSO) for Egnyte using Azure Active Directory.  

 

Prerequisites

  1. Microsoft Azure plan should allow the creation of a custom, non-gallery application.
  2. If you have a local Active Directory present, it should be synced with Azure. Refer to this Microsoft article
  3. Do not add the Egnyte App from the Azure App Gallery; add a custom app as described below.
  4. Egnyte recommends setting up a separate application for every Egnyte domain you have:
    Example:
    Name of application    Provisioning for    Single Sign-On for
    Egnyte US West         acmeusw             acmeusw
    Egnyte US East         acmeuse             acmeuse
    Egnyte EMEA            acmeemea            acmeemea

    Although it is possible to set up SSO within one application, we do not recommend it.

 

Configuration

Creating Enterprise application for SSO

  1. Log in to Azure Portal.
  2. Go to Enterprise Applications in the Azure AD section.
  3. Hit the + New application button and then + Create your own application. This can require a specific plan that might include additional costs. 
  4. Enter a name for the App so you can easily identify it later and select the option
    Integrate any other application you don't find in the gallery (Non Gallery).
  5. Click on the Create button. The application will be created within a few seconds. 

 

Configure Azure AD Single Sign-On (SSO)

This section will show you how to enable Azure AD SSO in the Azure portal and configure it in your Egnyte application.

  1. After you create the app in the previous section, its overview page opens automatically. If it does not, or if you have left the page, click the app name on the Enterprise applications page to open it again. Then select Single sign-on from the left-side menu.
  2. Select SAML from the available options.
  3. Click Edit under Basic SAML Configuration and fill in the details as described below.
    • Click the Add Identifier link under Identifier (Entity ID) and enter the URL https://saml-auth.egnyte.com/.
      If you have more than one Egnyte domain and want to set up a separate application for each of them within the same tenant, go to Egnyte WebUI -> Settings -> Security & authentication, enable the "Use domain-specific Issuer value" switch (see the Egnyte Configuration section below), and set Identifier (Entity ID) to https://<domainname>.egnyte.com or your custom access URL (if any).
    • Click on Add reply URL link and fill in Reply URL (Assertion Consumer Service URL) with the following pattern: Azure SSO - Add reply URL.png
    • Fill in Sign on URL with the URL of your domain: https://<domainname>.egnyte.com/
      or the custom access URL if your Egnyte domain is tied to one.
    • Click the Save icon at the top and, after the changes are saved, go back to Set up Single Sign-On.
      Note: It may take a couple of minutes before the changes take effect on the Azure side.
  4. Download the Federation Metadata XML.

 

Egnyte Configuration

  1. In a different web browser window, log in to Egnyte as an Administrator, open the menu, and click Settings. Click the Configuration tab, and then click Security & authentication.
  2. In the Single Sign-On Authentication section in Egnyte, perform the following steps:
    • Single sign-on authentication: SAML 2.0
    • Identity provider: AzureAD
    • Click on import metadata XML file and choose the downloaded file from Azure.
    • Default user mapping: Email address
    • Use domain-specific issuer value: disable if you are not going to configure multiple Egnyte domains within one Azure Tenant.
  3. Click Save.

 

Test Azure AD SSO

In this section, you'll test Azure AD SSO with Egnyte with a test user called "Britta Simon."

For SSO to work, Azure AD needs to know which Egnyte user corresponds to each Azure AD user. In other words, a relationship between an Azure AD user and the related user in Egnyte needs to be established.

In Egnyte, assign the Username value (also known as UPN) in Azure AD as the value of the idpusername to establish the link relationship.

To configure and test Azure AD SSO with Egnyte, you need to complete the following steps:

  1. Create an Azure AD Test User: To test Azure AD SSO with Britta Simon.
  2. Create an Egnyte Test User: To have a counterpart of Britta Simon in Egnyte linked to the Azure AD representation of the user.
  3. Assign the Azure AD Test User: To enable Britta Simon to use Azure AD SSO.
  4. Test Single Sign-On: To verify the configuration was set up properly.

Create an Azure AD Test User

The objective of this section is to create a test user in the Azure portal called Britta Simon.

Create Azure AD User

  1. In the Azure portal on the left navigation pane, click the Users icon.
  2. Click New user on the top of the screen.

  3. On the User Dialog page, perform the following steps:

    a. Name: BrittaSimon (without spaces)
    b. User name: Email address of Britta Simon.
    c. Select Show Password and write down the value of the password.
  4. Click Create.

 

Create an Egnyte Test User

To enable Azure AD users to log into Egnyte, they must be provisioned in Egnyte. With Egnyte, you can manually enter your users or use a CSV file to import them. We'll show you how to add a user manually, but you can read more about importing users here.

  1. Log into Egnyte as an Administrator, open the menu, and click Settings. Click the Users & Groups tab, and then click Add New Account.

  2. From the drop-down, select the type of user you want to add. In our example, we'll add Britta as a Power User.
  3. In the New Power User section, perform the following steps:
    a. Type the First and Last Name, Email, Username of the Azure Active Directory account you want to provision.
    b. Authentication Type: Single Sign-On
    c. Set Idp Username to match UPN from Azure
  4. Click Save.

    Note: For existing users, find the user in the Users & Groups tab, hover over the user and click Details, and click Edit user profile. Make sure all of the details match the user in Azure Active Directory, change the Authentication type to Single Sign-On, set IdP Username, and click Save.


Assign the Azure AD Test User

In this section, you'll enable Britta Simon to use Azure SSO.

  1. In the Azure portal, open the SSO application.
  2. In the menu on the left, click Users and groups.

  3. Click the + Add User/Group button. Then select None selected:
  4. In the search box, search for Britta Simon and select the user.
  5. Click Select at the bottom.
  6. Click Assign to confirm your choice.

Test Single Sign-On

Test the setup by having a user log in to Egnyte with their Azure AD credentials.

Note: All SSO authenticated users will be re-directed to your SSO page when attempting to log in on Egnyte.

Best Practices and Additional Notes:

  1. Egnyte recommends having at least one admin account with Egnyte authentication in case of SSO provider failure.
  2. By default, Single Sign-On is available only for Admins and Power Users.

 

 

 
