The SAML 2.0 protocol is increasing in popularity, and there are a number of different flavours and variations provided by different identity providers (IDPs), like Active Directory Federation Services (ADFS), Google Suite (GSuite) or Okta.
The Enterprise File Fabric supports users logging in via the SAML 2.0 protocol. This time we are covering how a SAML 2.0 configuration can be set up from the File Fabric interface, and the specifics relating to the Okta platform:
From your Okta Administrative account, click on Applications from the top menu, and then click Add Application. From the left menu click on the Create New App button.
For the Platform option, select Web.
For the Sign on method, select SAML 2.0.
Then click Create.
On the next screen, we need to supply some basic information for the application.
For the App Name, provide a friendly name for the SME service, e.g. Enterprise File Fabric. Optionally you can also provide an App logo that users would recognize.
On the SAML settings screen we want to configure the fields as follows:
- Single sign on URL – This should be the URI of your Enterprise File Fabric appliance with “/saml.htm” appended. For example “https://sme.example.com/saml.htm”
- Audience URI – This should be the URI of your Enterprise File Fabric appliance, e.g. “https://sme.example.com”
- Default RelayState – This should be left blank
- Name ID format – Select Email Address
- Application username – Select Okta Username
Under Show Advanced Settings:
- Tick Enable Single Logout
- In Single Logout URL enter the value you entered in Audience URI
- In SP Issuer enter the value you entered in Audience URI
- For the Signature Certificate, upload the Signing Certificate that can be obtained from your Enterprise File Fabric appliance Auth System configuration screen.
Under Attribute Statements configure the mappings as follows:
- Name “email”, Name format “basic”, Value “user.email”
- Name “fullname”, Name format “basic”, Value “user.login”
- Name “username”, Name format “basic”, Value “user.login”
Under Group Attribute Statements, you will need to choose which groups need to be exposed to the Enterprise File Fabric.
A Groups Entry will need to be added with a name of “groups”. The Value is dependent on which groups you would like to expose to the Enterprise File Fabric. Some examples are below:
- Contains: “IT” – Matches groups whose name contains the word “IT”
- Regex: “^.*$” – Matches all groups
Follow the on-screen steps to save the changes.
On the Application Details screen, under Sign On, click the View Setup Instructions button.
On the File Fabric SAML Auth System screen, enter the following values:
- The Service provider entity ID – The URI entered earlier in the Audience URI field
- SSO entry point – Enter the Identity Provider Single Sign-On URL found on the Okta setup instructions screen
- The logout service endpoint – Enter the Identity Provider Single Logout URL found on the Okta setup instructions screen.
- x509 Certificate – Enter the X.509 Certificate found on the Okta setup instructions screen
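To make the two halves of this setup concrete, the following Python example (added here, not code from the post or from the Enterprise File Fabric product) models what the Okta “groups” attribute filter keeps, and the checks a service provider makes on the assertion it receives before trusting the mapped attributes: the Issuer must be the IdP you configured, the AudienceRestriction must name your Service provider entity ID (the Audience URI, “https://sme.example.com” in the post), and the NameID must use the Email Address format. The SAML response, the group names, the user “alice@example.com” and the Okta issuer value “http://www.okta.com/PLACEHOLDER-APP-ID” are constructed sample data; signature verification against the X.509 certificate, which a real SP must perform first, is deliberately left out of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample data (not from the post): the Okta groups a user belongs to,
# the SP entity ID from the post, and a placeholder Okta issuer value.
SAMPLE_GROUPS = ["IT Admins", "Finance", "IT Helpdesk", "Everyone"]
SP_ENTITY_ID = "https://sme.example.com"
IDP_ISSUER = "http://www.okta.com/PLACEHOLDER-APP-ID"  # placeholder, not a real app id


def okta_group_filter(groups, match, value):
    """Model of the Okta Group Attribute Statement filter described in the post:
    'contains' keeps group names containing the value, 'regex' keeps group
    names the regular expression matches (so '^.*$' keeps every group)."""
    if match == "contains":
        return [g for g in groups if value in g]
    if match == "regex":
        pattern = re.compile(value)
        return [g for g in groups if pattern.search(g)]
    raise ValueError(f"unsupported match type: {match}")


def build_sample_response(groups, audience=SP_ENTITY_ID, issuer=IDP_ISSUER):
    """Constructed, unsigned SAML Response carrying the attribute statements
    configured in the post (email, fullname, username, groups)."""
    user = "alice@example.com"
    attrs = "".join(
        f'<saml2:Attribute Name="{name}" NameFormat="{BASIC}">'
        f"<saml2:AttributeValue>{user}</saml2:AttributeValue></saml2:Attribute>"
        for name in ("email", "fullname", "username")
    )
    group_values = "".join(f"<saml2:AttributeValue>{g}</saml2:AttributeValue>" for g in groups)
    attrs += f'<saml2:Attribute Name="groups" NameFormat="{BASIC}">{group_values}</saml2:Attribute>'
    return (
        f'<saml2p:Response xmlns:saml2p="{NS["saml2p"]}" xmlns:saml2="{NS["saml2"]}">'
        "<saml2:Assertion>"
        f"<saml2:Issuer>{issuer}</saml2:Issuer>"
        f'<saml2:Subject><saml2:NameID Format="{EMAIL_NAMEID}">{user}</saml2:NameID></saml2:Subject>'
        "<saml2:Conditions><saml2:AudienceRestriction>"
        f"<saml2:Audience>{audience}</saml2:Audience>"
        "</saml2:AudienceRestriction></saml2:Conditions>"
        f"<saml2:AttributeStatement>{attrs}</saml2:AttributeStatement>"
        "</saml2:Assertion></saml2p:Response>"
    )


def check_assertion(xml_text, sp_entity_id, idp_issuer):
    """SP-side checks on an (already signature-verified) assertion, then the
    attribute mapping the File Fabric configuration above relies on.
    Raises ValueError on any mismatch instead of falling back to a default."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml2:Assertion", NS)
    if assertion is None:
        raise ValueError("response carries no assertion")

    issuer = assertion.findtext("saml2:Issuer", namespaces=NS)
    if issuer != idp_issuer:
        raise ValueError(f"unexpected issuer {issuer!r}")

    audiences = [a.text for a in assertion.findall(
        "saml2:Conditions/saml2:AudienceRestriction/saml2:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError(f"assertion not addressed to {sp_entity_id!r}: {audiences}")

    name_id = assertion.find("saml2:Subject/saml2:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_NAMEID:
        raise ValueError("NameID missing or not in Email Address format")

    attrs = {}
    for attr in assertion.findall("saml2:AttributeStatement/saml2:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml2:AttributeValue", NS)]
    for required in ("email", "fullname", "username"):
        if not attrs.get(required):
            raise ValueError(f"required attribute {required!r} missing")

    return {
        "name_id": name_id.text,
        "email": attrs["email"][0],
        "fullname": attrs["fullname"][0],
        "username": attrs["username"][0],
        "groups": attrs.get("groups", []),  # multi-valued: one AttributeValue per group
    }


if __name__ == "__main__":
    sent = okta_group_filter(SAMPLE_GROUPS, "contains", "IT")
    print("groups Okta would send:", sent)
    print(check_assertion(build_sample_response(sent), SP_ENTITY_ID, IDP_ISSUER))
```

Running the script shows the two “IT” groups surviving the Contains filter and the parsed attributes the File Fabric would map to a user; swapping the audience or issuer in `build_sample_response` makes `check_assertion` raise, which is the behaviour you want when an assertion minted for a different SP or by a different IdP is replayed at yours.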
Before users are able to access the Okta application, Users or Groups must be assigned to the application for it to be available to them.
Your Okta setup with the Enterprise File Fabric is now complete.
You can see how to set up SAML 2.0 with the Enterprise File Fabric here.
You can also check the configuration from the File Fabric interface.