Set up ShareFile as the SP and EAA as the IdP

This procedure describes how to set up the ShareFile application as the service provider (SP) and EAA as the identity provider (IdP).

Complete the following steps to configure ShareFile as the SP and EAA as the IdP.

How to

  1. Make sure you have an existing ShareFile account, or set up a free trial account.
  2. Create a new application in EAA. See Configure EAA as the IdP for a custom SaaS application to do so. Do not deploy the application at this time.
    1. Under the SAML SETTINGS tab, go to the IdP info section.
    2. Copy the prepopulated Entity ID, Single SignOn (ACS) URL, and Single Logout URL for use in configuring the ShareFile SP.
    3. Click Download under the Signing certificate to download the XML file containing the required information onto your machine. You will also need this data to configure the ShareFile SP.
      ShareFile EAA IdP info

  3. Configure ShareFile as the SP.
    1. Log in to ShareFile using your admin credentials at https://<yourcompany>
      ShareFile login screen

    2. After you log in, go to the Settings > Admin Settings > Security > Login & Security Policy > Single Sign-on / SAML 2.0 Configuration Settings page. Select Yes to Enable SAML.
    3. Copy the Assertion Consumer Service (ACS) URL, SP-Initiated Login URL, and ShareFile Issuer / Entity ID URLs. You will need this data to complete the EAA IdP configuration.
      ShareFile SAML page

    4. After you enable SAML, configure the required parameters for the ShareFile SAML SSO using the data you copied from the EAA IdP application in Step 2b.
      • Copy the EAA IdP Identity ID data into the ShareFile IDP Issuer / Entity ID field
      • Copy the EAA IdP Signing certificate data into ShareFile by clicking X.509 Certificate > Change
      • Copy the EAA IdP SSO URL data into the ShareFile Login URL field
      • Configure the ShareFile Logout URL as https://<your EAA IDP user portal>/api/v2/logout (ShareFile does not participate in SAML Single Logout).
      ShareFile SAML fields

    5. Click Save to save the SAML SSO settings in ShareFile.
      ShareFile save page

  4. Go back to the EAA IdP application and configure the SAML settings under the SAML SETTINGS tab to complete the setup.
    1. Add the Entity ID, ACS URL and other information required for SAML settings that you copied in Step 3c.
      • Copy the ShareFile Issuer/Entity ID data into the EAA IdP Entity ID field
      • Copy the ShareFile Assertion Consumer Service (ACS) URL data into the EAA IdP SSO (ACS) URL field
      ShareFile EAA input

    2. Click Save and go to Deployment.
      The DEPLOYMENT tab appears.
    3. On the DEPLOYMENT tab, click Deploy application.
  5. Test the SAML SSO to ShareFile.
    Note: ShareFile does not support IdP-initiated SAML SSO. ShareFile also does not support automatic user provisioning from the SAML Response, so you must add users to ShareFile before you test user SSO with the EAA SAML IdP.
    1. Open the browser to your ShareFile SP-Initiated Login URL: https://<yourcompany>
    2. Make sure the login page of your EAA IDP portal displays.
    3. Log in to the EAA IdP portal with a valid username and password and click Login. The EAA IdP should then sign you in to ShareFile through SSO.
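
A mis-pasted signing certificate or issuer in Step 3d is the usual reason the SSO test fails, so the following added example (not part of the original procedure) compares the values entered in ShareFile against the XML downloaded in Step 2c. It assumes that file is standard SAML 2.0 IdP metadata; the function names are hypothetical, and the host name and certificate in the sample are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample: hypothetical host name and a dummy blob, not a real certificate.
DUMMY_CERT = base64.b64encode(b"constructed sample, not a real certificate").decode()
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""".format(cert=DUMMY_CERT)

def fingerprint(cert_text):
    """SHA-256 over the decoded certificate; accepts bare base64 or PEM."""
    body = "".join(l.strip() for l in cert_text.splitlines() if "-----" not in l)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def parse_idp_metadata(xml_text):
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    certs = [kd.find(".//ds:X509Certificate", NS) for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")]  # no 'use' attribute means signing too
    return {"entity_id": root.get("entityID"),
            "sso_urls": [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)],
            "fingerprints": [fingerprint(c.text) for c in certs if c is not None and c.text]}

def check_sharefile_fields(meta, entered):
    """Return a list of mismatches between the metadata and the values typed into ShareFile."""
    problems = []
    if entered["IDP Issuer / Entity ID"] != meta["entity_id"]:
        problems.append("IDP Issuer / Entity ID differs from the metadata entityID")
    if entered["Login URL"] not in meta["sso_urls"]:
        problems.append("Login URL is not a SingleSignOnService location")
    if not entered["Login URL"].startswith("https://"):
        problems.append("Login URL is not HTTPS")
    try:
        cert_ok = fingerprint(entered["X.509 Certificate"]) in meta["fingerprints"]
    except ValueError:  # truncated or mangled paste fails base64 decoding
        cert_ok = False
    if not cert_ok:
        problems.append("X.509 Certificate is not the IdP signing certificate")
    return problems
```

An empty list from check_sharefile_fields means the three ShareFile fields agree with the IdP metadata; any entry names the field to re-copy before running the SSO test in Step 5.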