Configuring SAML SSO for Citrix ShareFile

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Citrix ShareFile.

Prerequisite

1. Log in to ADSelfService Plus as an administrator.
2. Navigate to  Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select Citrix ShareFile from the applications displayed.
   Note: You can also find Citrix ShareFile application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
3. Click IdP details in the top-right corner of the screen.
4. In the pop-up that appears, copy the Entity ID, Login URL and Logout URL
5. Download the certificate by clicking Download Certificate

Citrix ShareFile (Service Provider) configuration steps

1. Now, login to Citrix ShareFile portal with an administrator’s credentials.
2. Navigate to Settings → Admin Settings → Security → Login & Security Policy.
3. Scroll down to Single sign-on / SAML 2.0 Configuration.
4. Under Basic Settings, click Yes for Enable SAML
5. In the Your IDP Issuer / Entity ID field, enter the Login URL value you had saved in the Step 4 of Prerequisite.
6. In the X.509 Certificate field, upload the certificate (PEM) file you downloaded in Step 5 of Prerequisite.

7. In the Login URL and Logout URL fields, enter the Login URL value and Logout URL value you had saved in the Step 4 of Prerequisite respectively.

   

8. Under the Single sign-on / SAML 2.0 Configuration section, note down the value of the SP-initiated Login URL.

   
9. Click Save to complete the configuration

ADSelfService Plus (Identity Provider) configuration steps

1. Now, switch to ADSelfService Plus’ Citrix ShareFile configuration page.
2. Enter the Application Name and Description.
3. In the Assign Policies field, select the policies for which SSO need to be enabled.
   Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
4. Select Enable Single Sign-On.
5. Enter the Domain Name of your Citrix ShareFile account. For example, if you use johndoe@thinktodaytech.com to log in to Citrix ShareFile, then thinktodaytech.com is the domain name.
6. In the SAML Redirect URL field, enter the value you copied in Step 8 of Citrix ShareFile configuration.
7. Enter the Assertion Consumer Service URL provided by your application service provider in the Assertion Consumer Service URL field. If required, click the + button next to the text field to add multiple Assertion Consumer URLs. These values can be found in the application's SSO configuration page or metadata. Please reach out to your application's support team if you are having trouble locating the Assertion Consumer Service URL in your application's user interface or metadata.
8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.

Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application

9. Click Add Application

Your users should now be able to sign in to Citrix Sharefile through ADSelfService Plus.

Note: For Citrix ShareFile, both SP & IDP initiated flows are supported.