Configuring SAML SSO for Egnyte
These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Egnyte.
Prerequisites
- Log in to ADSelfService Plus as an administrator.
- Navigate to Configuration > Self-Service > Password Sync/Single Sign On > Add Application, and select Egnyte from the applications displayed.
Note: You can also find the application that you need from the search bar located in the left pane or the alphabet-wise navigation option in the right pane.
- Click IdP details at the top-right corner of the screen.
- In the pop-up that appears, click the Download IdP Metadata URL and download the ADSelfService Plus IdP metadata file.

Egnyte (Service Provider) configuration steps
- Log in to Egnyte with an administrator’s credentials.
- From the menu on the top-left, choose Settings.
- Navigate to Configuration > Security and authentication > Single sign-on Authentication.
- Choose SAML 2.0 from the Single sign-on authentication drop-down.
- Click the Export Egnyte metadata XML link underneath the drop-down and save the metadata file.
- From the Identity provider drop-down, select Generic HTTP POST.
- Under IDENTITY PROVIDER CONFIGURATION, click on the import metadata XML link and upload the ADSelfService Plus metadata file downloaded in step 4 of the prerequisites.
- Under default user mapping, choose Email address.
- Optionally, enable the domain-specific issuer value.
- Click Save changes at the top-right of the page.
- To enable SSO for users:
  - From Settings, navigate to Users & Groups.
  - Select the users or groups for whom you wish to enable SSO, and click Details.
  - Click on the Profile tab.
  - Under the Authentication drop-down, select SSO.
  - Enter the IdP Username. The IdP username is the user's login name in ADSelfService Plus.
  - Click Save.




ADSelfService Plus (Identity Provider) configuration steps
- Now, switch to the Egnyte configuration page in ADSelfService Plus.
- Enter the Application Name and Description.
- In the Assign Policies field, select the policies for which SSO needs to be enabled.
Note: ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.
- Select Enable Single Sign-On.
- Enter the Domain Name of your Egnyte account. For example, if you use johndoe@thinktodaytech.com to log in to Egnyte, then thinktodaytech.com is the domain name.
- In a text editor, open the Egnyte metadata file downloaded in step 5 of the SP configuration, and locate the entityID and AssertionConsumerService parameter values.
- Enter the entityID copied from Egnyte's metadata in the SP Identifier field.
- Enter the Assertion Consumer Service URL copied from Egnyte's metadata in the Assertion Consumer Service URL field. If your Egnyte metadata contains multiple Assertion Consumer URLs, click the + button next to the text field to add all of them.
- In the Name ID Format field, choose the format for the user login attribute value specific to the application.
- Click Add Application.


Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.
Note: For Egnyte, single sign-on is supported for both SP-initiated and IdP-initiated flows.
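
As an alternative to reading the metadata file by eye when locating the entityID and AssertionConsumerService values, the following added example (not part of ADSelfService Plus or Egnyte) extracts them with Python's standard library and flags any Assertion Consumer Service URL that is not HTTPS. The function name, the sample XML and the example.invalid URLs are constructed for illustration and are not Egnyte's real values.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace

# Constructed sample SP metadata; the example.invalid values are placeholders.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.invalid/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.invalid/saml/acs-legacy"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def read_sp_metadata(xml_text):
    """Return the entityID, ACS endpoints and warnings from SP metadata XML."""
    # SAML metadata needs no DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DOCTYPE/ENTITY declarations are not accepted")
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")  # goes in the SP Identifier field
    if not entity_id:
        raise ValueError("entityID attribute is missing")
    acs, warnings = [], []
    for el in root.iterfind(f"{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService"):
        url = el.get("Location", "")
        acs.append({"index": int(el.get("index", "0")), "url": url,
                    "binding": el.get("Binding"),
                    "default": el.get("isDefault") == "true"})
        # The IdP posts signed assertions to this URL, so it should be HTTPS.
        if not url.lower().startswith("https://"):
            warnings.append(f"ACS index {el.get('index')} is not HTTPS: {url}")
    if not acs:
        raise ValueError("no AssertionConsumerService found")
    return {"entity_id": entity_id, "acs": sorted(acs, key=lambda a: a["index"]),
            "warnings": warnings}

if __name__ == "__main__":
    print(read_sp_metadata(SAMPLE_METADATA))
```

Each entry in the returned acs list corresponds to one value for the Assertion Consumer Service URL field; review any warning before adding that URL.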