Integrate Sharefile

ShareFile is a secure content collaboration, file sharing and sync software that supports all the document-centric tasks and workflow needs of small and large businesses. The company also offers cloud-based or on-premises storage, virtual data rooms and client portals. ShareFile is owned by Citrix Systems. See https://www.sharefile.com. You can protect access to ShareFile by integrating ShareFile with Identity as a Service. Once integrated, users can use single sign-on to log in to their Freshworks account through Identity as a Service.

Note: This integration was tested using Identity as a Service version 5.37 and ShareFile. Other versions of ShareFile may require integration and configuration steps that differ from those documented in this procedure. For other versions of ShareFile , this integration guide may be used as an initial approach for integrating ShareFile. In the event of other issues, contact support@entrust.com for assistance.

To integrate Keeper Security with Identity as a Service, you must do the following:

Before you begin, open two browser windows. In one window, log in to your Sharefile administrator account. In the other window, log in to your IDaaS administrator account.

Step 1: Copy the SAML configurations from Identity as a Service

Copy the SAML Configuration from Identity as a Service

1. Log into your Identity as a Service administrator account.

2. Click > Security > Applications. The Applications Lists page appears.

3. Under SAML Cloud Integrations, click SAML Configuration. The SAML Configuration dialog box appears.

This dialog box contains information you need to configure your SAML application for Identity as a Service authentication.

4. Do one of the following:

● Leave this dialog box open to reference later in this procedure.

● Copy the Entity ID, Single Sign-on URL, and Single Logout URL to a text file and save it to reference later in this procedure.

Note: Depending on the integration you are performing, you may not need all three of these SAML configuration values.

Step 2: Copy the SAML signing certificate from Identity as a Service

Copy a SAML signing certificate

1. Log in to your Identity as a Service administrator account.

2. Click > Security > Applications. The Applications List page appears.

3. Under SAML Cloud Integrations, click SAML Signing Certificates. The SAML Signing Certificates page appears.

4. Click next to the certificate to copy it to the clipboard.

You can additionally download the certificate and save it for future use.

5. Open a text editor, such as Notepad, and paste the contents of the certificate into the text file.

6. Save the file.

Note: Be sure to same the file with the .cer extension, for example, SAML_certifcate.cer.

Step 3: Configure Sharefile for SSO with IDaaS

1. Log in to your Sharefile administrator account. The Dashboard page appears.

2. Click Settings > Admin Settings. The Admin Overview page appears.

3. Expand Security and click Login & Security Policy. The Login & Security Policy page appears.

4. Scroll to Single sign-on / SAML 2.0 Configuration.

5. Open a text editor, such as Notepad, and copy and paste the following values:

● Assertion Consumer Service (ACS) URL

● SP-initiated Login URL

6. Leave this page open to return to later in this integration.

7. Scroll to Basic Settings, and do the following:

a. Set Enable SAML to Yes.

b. In the Sharefile Issuer / Entity ID field, copy the SP-Initiated Login URL without the /saml/login portion. For example,

The SP-Initiated Login URL is https://mydomain.sharefile.com/saml/login.

Copy https://mydomain.sharefile.com only, and paste it in the Sharefile Issuer / Entity ID field.

c. Under X.509 Certificate, click Change and paste the certificate file you copied in Step 2: Copy the SAML signing certificate from Identity as a Service.

d. In the Login URL field, enter the Single Sign-On URL you copied in Step 2: Copy the SAML signing certificate from Identity as a Service.

8. Scroll to Optional Settings and do the following:

a. Set Require SSO Login to Yes.

b. Set Enable Web Authentication to Yes.

c. From the SP-Initiated Auth Context drop-down lists, select User Name and Password and Minimum.

9. Click Save.

Step 4: Add Sharefile to Identity as a Service

1. In Identity as a Service, click > Security > Applications. The Applications Lists page appears.

2. Click Add. The Select an Application Template page appears.

3. Do one of the following:

● Select SAML Cloud Integrations from the search drop-down list and scroll to find the application you want to add to IDaaS.

- or -

● In the Search bar, enter a search option to filter for the application you want to add to IDaaS.

4. Click Sharefile. The Add Sharefile page appears.

5. Enter an Application Name.

6. Enter an Application Description.

7. Optional. Add a custom application logo.

a. Click next to Application Logo. The Upload Logo dialog box appears.

b. Click to select an image file to upload.

c. Browse to select your file and click Open. The Upload Logo dialog box reappears showing your selected image.

d. If required, resize your image.

e. Click OK.

8. Select the Authentication Flow that appears to users during login.

9. Click Next. The General page appears.

10. In the Default Assertion Consumer Service URL, paste the Assertion Consumer Service URL you copied in Step 1: Copy the Assertion Consumer Service URL and Entity ID URLs from Sharefile.

11. In the Service Provider Entity ID (Issuer) field, paste the SP-initiated Login URL you copied in Step 1: Copy the Assertion Consumer Service URL and Entity ID URLs from Sharefile.

12. Enter the SAML Session Timeout to the time when the SAML Assertion times out. The maximum is 720 minutes.

13. Enter the Max Authentication Age (seconds) to set the maximum amount of time that can elapse before a user is required to reauthenticate during a new login attempt. This applies for both SP-initiated and IDP-initiated login. Set this field to -1 to disable this feature.

14. From the SAML NameID Attribute drop-down list, select Email.

15. From the SAML NameID Encoding Format drop-down list, select Email.

16. From the SAML Signing Algorithm drop-down list, select SHA256.

17. From the SAML Signing Certificate from the drop-down list, select the SAML Signing Certificate.

18. Optional: Select Respond Immediately for Unsuccessful Responses to return to the application immediately after a login failure, rather than allow user to try again with a different userID.

19. Deselect Enable Go Back Button if you do not want users to be able to go back to the Sharefile login page to log in.

20. Leave the remaining settings at the default values.

21. Click Submit.

Step 5: Add a resource rule

Step 6: Test the integration

Testing Service Provider Login

1. Open a Web browser and enter the URL for your Sharefile account.

2. On the Login page, click SSO Login. You are directed to Identity as a Service.

3. Respond to the second-factor authentication challenge. If you respond successfully, you are logged in to the Keeper Security Console Home page.

Testing Identity as a Service redirect log in

1. Log in to your Identity as a Service account.

2. Go to your My Profile page if you are not already there.

3. Under Applications, click Sharefile.

4. Respond to the second-factor authentication challenge. If you respond successfully, you are logged in to Keeper Security Console Home page.