This guide will walk you through how to set up SSO for Egnyte using Watchguard.

Set up Watchguard for Egnyte 

  1. Navigate to the WatchGuard Cloud website and log in. Go to Configure -> AuthPoint. 

    mceclip0.png

  2. In the left panel, click on "Resources" and "Certificates."
  3. Click "Add certificate." 
  4. Note down certificate ID. It will be needed later.
  5. Click the three dots icon on the right-hand side of the certificate and choose Download Metadata. Save this file for later.

    mceclip2.png

  6. Click again on "Resources," then choose from the dropdown menu "SAML" and click "Add Resource button."

    mceclip1.png

  7. Fill in the following data and click save:

    Name Name of the resource, easily recognizable for you, it can be simply "Egnyte SAML"
    Application type Egnyte / Other
    Service Provider Entity ID https://saml-auth.egnyte.com
    Assertion Consumer Service https://<domainname>.egnyte.com/samlconsumer
    User ID Email
    Logout URL https://<domainname>.egnyte.com
    Signature Method SHA-256
    AuthPoint Certificate Choose the ID of the previously created certificate
  8. Click on "Authentication Policies" and choose the authentication policy that you want to use with Egnyte. If there is none, create a new one.
  9. Choose the groups of users you want to be able to log in with SSO.
  10. In Resources, type the name of the resource you created, in this example, "Egnyte SAML."

    mceclip4.png
  11. Click save

 

Egnyte Configuration

  1. In a different web browser window, log in to Egnyte as an Administrator, open the menu, and click Settings. Click the Configuration tab, and then click Security & authentication.



  2. In the Single Sign-On Authentication section in Egnyte, perform the following steps:
      1. Single sign-on authentication: SAML 2.0.
      2. Click on "Import metadata XML file".
      3. Choose the file you have downloaded in certificates during Watchguard configuration.
      4. All fields should be automatically filled in.

Create an Egnyte Test User

To enable Watchguard users to log into Egnyte, they need authentication type to be set up as SSO. With Egnyte, you can manually enter your users or use a CSV file to import them. We'll show you how to add a user manually, but you can read more about importing users here.

  1. Log into Egnyte as an Administrator, open the menu, and click Settings. Click the Users & Groups tab, and then click Add New Account.



  2. From the drop-down, select the type of user you want to add. In our example, we'll add Britta as a Power User.
  3. In the New Power User section, perform the following steps:
    a. Type the First and Last Name, Email, Username of the Watchguard account you want to set up for SSO.
    b. Authentication Type: Single Sign-On
    c. Set Idp Username to match username from Watchguard.
    mceclip2.png
  4. Click Save.

    Note: For existing users, find the user in the Users & Groups tab, hover over the user and click Details, and click Edit user profile. Make sure all of the details match the user in Watchguard, change the Authentication type to Single Sign-On, set IdP Username, and click Save.

Multiple Egnyte Domain scenario

If you have multiple Egnyte domains, you will need to:

  1. Create SAML resource in Watchguard cloud for each domain.
    In addition, all Service Provider Entity ID has to be set to:
    https://<your_egnyte_domain>.egnyte.com
    instead of:
    https://saml-auth.egnyte.com
  2. Download XML certificates for each domain and import them accordingly.
  3. During Egnyte Configuration, you need to turn on the domain-specific issuer.

    mceclip0.png