Integrating with ADFS for secure document sharing and external partner collaboration

The Enterprise File Fabric’s Secure Data Management solution is a powerful way to enable sharing and collaboration on company documents with other company team members using existing company storage resources, whether on-cloud or on-premises. Additionally, secure link sharing provides an audited, compliant way for users to provide password-protected links to people outside of a company. However, what about when users want to easily invite people external to a company to securely share and collaborate on documents?

From a File Fabric perspective there are a few options, each of which could fit a company’s particular environment: from inviting users directly within the File Fabric, to having them register an account, to using an open-source Identity and Access Management solution like Keycloak, as discussed previously here: File Fabric Group Collaboration Becomes Even Better with Keycloak.

But maybe you are like many other organizations and are already making use of the cloud services Microsoft makes available from their Azure platform. Wouldn’t it be great if your Azure AD Guest Accounts could have access to the File Fabric? The good news is you can, and it’s easy to set up and easy for your users to use!

In the File Fabric, companies can use the SAML 2.0 connector to create a new login button titled something like “Guest Account Login”. Just follow the simple instructions from our docs site: Configuring SAML with Azure AD

 

It’s that simple from the File Fabric side; now all guest users are able to log in! Guest users will need to be invited within an Azure AD, just like any other Azure Directory guest user invitation:

 

Simply fill out the information to invite users. One thing of note is that Guest Accounts can be assigned to Internal Azure AD groups, and the File Fabric will grant access to shared folders against those Internal Azure AD groups. So for example, a user may be added to a group called ProjectA which is being used to provide access to an existing Shared Team Folder in the File Fabric.

 

That’s all from the Azure side. Now the user will have access into the File Fabric. We can even use the Group WorkSpaces functionality to invite them to collaborate on specific files that are shared to that group:

That guest account will receive an invite via their email to join that Group WorkSpace:

 

From there they will be presented with the login screen, and the new “Guest Account Login” button we created for them:

 

The user will then go through their normal Microsoft login flow, which will validate they are the user in question, and Microsoft will validate they are an Azure AD guest account on your system:

After that, the user is logged into the File Fabric. As we see below, the user will be able to see the files shared with them in that Group WorkSpaces file tree. As they are also part of the internal AD group “ProjectA” from the initial Azure invitation, we can see this external guest user can also see the Shared Team Folder called ProjectA.

 

Using the Azure AD guest account feature, organizations can easily invite external partners/vendors/clients to help collaborate using the Enterprise File Fabric.

Companies can feel secure in the knowledge that they are fully federating external user logins, i.e. Microsoft ADFS is responsible for storing such user credentials and dealing with specific login enforcement policies. Once users are authenticated by ADFS and logged in, the File Fabric’s unique collaboration capabilities are unlocked, in addition to the built-in auditing, compliance and other secure data management features.

Want to know more or schedule a custom demo? Please contact us.


Eric Toczek

Director of Sales Engineering at Storage Made Easy
Eric is responsible for technical presales activities at Storage Made Easy.