This guide will walk you through how to set up SSO for Egnyte using Watchguard.
Set up Watchguard for Egnyte
Navigate to the WatchGuard Cloud website and log in. Go to Configure -> AuthPoint.
- In the left panel, click on "Resources" and "Certificates."
- Click "Add certificate."
- Note down certificate ID. It will be needed later.
- Click the three dots icon on the right-hand side of the certificate and choose Download Metadata. Save this file for later.
- Click again on "Resources," then choose from the dropdown menu "SAML" and click "Add Resource button."
- Fill in the following data and click save:
Name Name of the resource, easily recognizable for you, it can be simply "Egnyte SAML" Application type Egnyte / Other Service Provider Entity ID https://saml-auth.egnyte.com Assertion Consumer Service https://<domainname>.egnyte.com/samlconsumer User ID Logout URL https://<domainname>.egnyte.com Signature Method SHA-256 AuthPoint Certificate Choose the ID of the previously created certificate
- Click on "Authentication Policies" and choose the authentication policy that you want to use with Egnyte. If there is none, create a new one.
- Choose the groups of users you want to be able to log in with SSO.
- In Resources, type the name of the resource you created, in this example, "Egnyte SAML."
- Click save
- In a different web browser window, log in to Egnyte as an Administrator, open the menu, and click Settings. Click the Configuration tab, and then click Security & Authentication.
- In the Single Sign-On Authentication section in Egnyte, perform the following steps:
- Single sign-on authentication: SAML 2.0.
- Click on "Import metadata XML file".
- Choose the file you have downloaded in certificates during Watchguard configuration.
- All fields should be automatically filled in.
Create an Egnyte Test User
To enable Watchguard users to log into Egnyte, they need authentication type to be set up as SSO. With Egnyte, you can manually enter your users or use a CSV file to import them. We'll show you how to add a user manually, but you can read more about importing users here.
- Log into Egnyte as an Administrator, open the menu, and click Settings. Click the Users & Groups tab, and then click Add New Account.
- From the drop-down, select the type of user you want to add. In our example, we'll add Britta as a Power User.
- In the New Power User section, perform the following steps:
a. Type the First and Last Name, Email, Username of the Watchguard account you want to set up for SSO.
b. Authentication Type: Single Sign-On
c. Set Idp Username to match username from Watchguard.
- Click Save.
Note: For existing users, find the user in the Users & Groups tab, hover over the user and click Details, and click Edit user profile. Make sure all of the details match the user in Watchguard, change the Authentication type to Single Sign-On, set IdP Username, and click Save.
Multiple Egnyte Domain scenario
If you have multiple Egnyte domains, you will need to:
- Create SAML resource in Watchguard cloud for each domain.
In addition, all Service Provider Entity ID has to be set to:
- Download XML certificates for each domain and import them accordingly.
- During Egnyte Configuration, you need to turn on the domain-specific issuer.