Set up ShareFile as the SP and EAA as the IdP
This procedure describes how to set up the ShareFile application as the service provider (SP) and EAA as the identity provider (IdP).
Complete the following steps to configure ShareFile as the SP and EAA as the IdP.
How to
- You need an existing ShareFile account. If you do not have one, set up a free trial account.
- Create a new application in EAA. See Configure EAA as the IdP for a custom SaaS application to do so. Do not deploy the application at this time.
  - Under the SAML SETTINGS tab, go to the IDP info section.
  - Copy the prepopulated Entity ID, Single SignOn (ACS) URL, and Single Logout URL for use in configuring the ShareFile SP.
  - Click Download under the Signing certificate to download the XML file containing the required information onto your machine. You will also need this data to configure the ShareFile SP.
- Configure ShareFile as the SP.
  - Log in to ShareFile using your admin credentials at https://<yourcompany>.sharefile.com/.
  - After you log in, go to the Settings > Admin Settings > Security > Login & Security Policy > Single Sign-on / SAML 2.0 Configuration Settings page. Select Yes to Enable SAML.
  - Copy the Assertion Consumer Service (ACS) URL, SP-Initiated Login URL, and ShareFile Issuer / Entity ID URLs. You will need this data to complete the EAA IdP configuration.
  - After you enable SAML, configure the required parameters for the ShareFile SAML SSO using the data you copied from the EAA IdP application in Step 2b.
    - Copy the EAA IdP Entity ID data into the ShareFile IDP Issuer / Entity ID field.
    - Copy the EAA IdP Signing certificate data into ShareFile by clicking X.509 Certificate > Change.
    - Copy the EAA IdP SSO URL data into the ShareFile Login URL field.
    - Configure the ShareFile Logout URL as https://<your EAA IDP user portal>/api/v2/logout (ShareFile does not participate in SAML Single Logout).
  - Click Save to save the SAML SSO settings in ShareFile.
- Go back to the EAA IdP application and configure the SAML settings under the SAML SETTINGS tab to complete the setup.
  - Add the Entity ID, ACS URL and other information required for SAML settings that you copied in Step 3c.
    - Copy the ShareFile Issuer/Entity ID data into the EAA IdP Entity ID field.
    - Copy the ShareFile Assertion Consumer Service (ACS) URL data into the EAA IdP SSO (ACS) URL field.
  - Click Save and go to Deployment. The DEPLOYMENT tab appears.
  - On the DEPLOYMENT tab, click Deploy application.
- Test the SAML SSO to ShareFile.
  Note: ShareFile does not support IdP-initiated SAML SSO. ShareFile also does not support automatic user provisioning from the SAML Response, so you must first add users to ShareFile before you test user SSO with the EAA SAML IdP.
  - Open the browser to your ShareFile SP-Initiated Login URL: https://<yourcompany>.sharefile.com/saml/login.
  - Make sure the login page of your EAA IDP portal displays.
  - Log in to the EAA IDP portal with a valid username and password and click Login. The EAA IdP should then sign you in to ShareFile through SSO.
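
One way to confirm that the Entity ID, Login URL, and X.509 certificate entered in ShareFile match the XML file downloaded from EAA, since the certificate is what ShareFile trusts to verify signed assertions. This is an added example, not part of the EAA or ShareFile documentation; it assumes the download is standard SAML 2.0 IdP metadata with one KeyDescriptor marked use="signing", and the host names, certificate bytes, function names, and the keys of the `entered` dictionary are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample, not real EAA output: placeholder host, dummy certificate bytes.
_B64 = base64.b64encode(b"constructed-dummy-cert").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_B64[:16]}
{_B64[16:]}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def _fingerprint(b64_text):
    """SHA-256 of the decoded certificate bytes, ignoring line wrapping."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def parse_idp_metadata(xml_text):
    """Extract the values the ShareFile SAML page asks for from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    key = idp.find("md:KeyDescriptor[@use='signing']", NS) if idp is not None else None
    cert = key.find(".//ds:X509Certificate", NS) if key is not None else None
    sso = idp.find("md:SingleSignOnService", NS) if idp is not None else None
    if cert is None or sso is None:
        raise ValueError("not IdP metadata, or no signing certificate / SSO endpoint")
    return {"entity_id": root.get("entityID"), "login_url": sso.get("Location"),
            "cert_sha256": _fingerprint(cert.text)}

def check_sharefile_settings(idp, entered):
    """Return mismatches between the values entered in ShareFile and the metadata."""
    problems = []
    for field in ("entity_id", "login_url"):
        if entered[field] != idp[field]:  # exact comparison: a trailing slash counts
            problems.append(f"{field} does not match the IdP metadata")
    pem_body = "".join(line for line in entered["certificate_pem"].splitlines()
                       if not line.startswith("-----"))
    if _fingerprint(pem_body) != idp["cert_sha256"]:
        problems.append("certificate does not match the IdP signing certificate")
    if not idp["login_url"].lower().startswith("https://"):
        problems.append("login_url is not HTTPS")
    return problems
```

An empty list from `check_sharefile_settings` means the three values agree with the metadata; comparing the certificate by fingerprint avoids false mismatches from PEM line wrapping.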