
ShareFile and Azure AD-The Setup


If you're thinking about ShareFile, Citrix's secure file sharing solution, you should give thought to user account authentication and management.  Planning for this now will save you trouble in the future as your ShareFile needs and user base grow.  This is where Azure Active Directory can help.

If your organization is using Office 365, you're already using Azure Active Directory (AD).  Azure AD is a cost-effective, reliable, and easy-to-use single sign-on (SSO) solution, and it's simple to extend its use to SaaS applications like ShareFile.  Once Azure AD has been set up, you can connect it to your on-premises Active Directory in minutes.  Microsoft offers different options for Azure AD based on your needs.

When you integrate ShareFile with Azure AD, you'll be able to centrally manage who has access to ShareFile through the Azure portal.  Because of Azure's SSO capabilities, you'll also be able to let users sign on to ShareFile automatically with their Azure AD accounts.

You can try Citrix ShareFile and Azure AD for free by signing up at their portals:

Now, let's run through the process of configuring ShareFile to work with Azure AD.  For this demonstration, I've already configured Azure AD, enabled Azure Active Directory Connect, and completed the initial configuration of my ShareFile site.

Configure Azure AD

First, log on to the Azure portal and go to the Azure Active Directory section.  Once there, click Enterprise Applications.




Once in the Enterprise Applications window click on New Application


From this window, find the section Add From The Gallery and type in Citrix ShareFile or just ShareFile

Once you’ve selected Citrix ShareFile, click Add


Choose Single Sign-on


Choose SAML Based Sign-On from the Single Sign-on Mode drop down list

In the Citrix ShareFile Domain and URLs section enter the following information:

  • Sign on URL
  • Identifier
  • Reply URL

This information will be found in your ShareFile Administration console in the Login & Security Policy section


Lower on the page you will see the SAML Signing Certificate section.  Download the certificate from the link named Certificate (Base64)


Configure ShareFile


Log on to your Citrix ShareFile site and choose Security from Settings > Admin Settings


Choose Login & Security Policy


For Azure AD to work with ShareFile, check Yes under Enable SAML, then fill out the following information:

  • ShareFile Issuer/Entity ID
  • Your IDP Issuer/Entity ID
  • Upload the SAML certificate you downloaded earlier from Azure
  • Login URL
  • Logout URL


You will find the information needed above by logging into your Azure portal and going to Azure Active Directory > Enterprise Applications > All Applications > ShareFile and clicking on Configure Citrix ShareFile


Once Configure Citrix ShareFile opens, scroll down to the Quick Reference to find the IDP Issuer/Entity ID, SAML certificate (if needed), Login URL, and Logout URL.

To upload the certificate you downloaded, open the file with a text editor such as Notepad and copy the contents so you can paste them into the window when prompted.
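Copying a certificate through a text editor can silently truncate or alter it. The following Python check is an added example, not part of the original post: it confirms that the pasted text still decodes to the same certificate as the downloaded file by comparing thumbprints. The function names are hypothetical, and the sample data is a constructed DER SEQUENCE, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(text):
    """Decode the single PEM certificate in `text`; raise ValueError if damaged."""
    blocks = PEM_RE.findall(text.lstrip("\ufeff"))   # tolerate a UTF-8 BOM
    if len(blocks) != 1:
        raise ValueError(f"expected 1 certificate block, found {len(blocks)}")
    body = "".join(blocks[0].split())                # ignore CR/LF and re-wrapping
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"corrupt Base64 body: {exc}") from None
    # A DER certificate is an ASN.1 SEQUENCE (tag 0x30) whose length covers all remaining bytes.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] & 0x80:                                # long-form length
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    else:                                            # short-form length
        header, length = 2, der[1]
    if header + length != len(der):
        raise ValueError(f"truncated or padded: expected {header + length} bytes, got {len(der)}")
    return der

def thumbprint(text, algo="sha1"):
    """Upper-case hex digest of the DER bytes, independent of text formatting."""
    return hashlib.new(algo, pem_to_der(text)).hexdigest().upper()

def make_pem(der, width=64, newline="\n"):
    """Helper for the constructed sample: wrap DER bytes as PEM text."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])

# Constructed sample: a well-formed 260-byte DER SEQUENCE standing in for the certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
DOWNLOADED = make_pem(SAMPLE_DER)                                    # file as downloaded
PASTED_OK = "\ufeff" + make_pem(SAMPLE_DER, width=76, newline="\r\n")  # BOM, CRLF, re-wrapped
PASTED_CUT = DOWNLOADED.replace(DOWNLOADED.splitlines()[-2] + "\n", "")  # last body line lost

if __name__ == "__main__":
    print("match:", thumbprint(DOWNLOADED) == thumbprint(PASTED_OK))
    try:
        thumbprint(PASTED_CUT)
    except ValueError as exc:
        print("rejected:", exc)
```

In practice, pass the contents of the downloaded file and the text you are about to paste to `thumbprint()` and confirm the two values are equal.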


Finally you will need to click Yes under Require SSO Logon

Also, make sure you choose Exact and User Name and Password beneath the SP-Initiated Auth Context section.  If this is not set, you will not be able to log in with Azure AD credentials.


Azure AD User Creation and Authorization


Now that Azure AD and ShareFile configuration is complete, create a user account

In the Azure Portal go to your Azure Active Directory and click Add A User


Give the user a Name and Username

In this example I’m using sbtest@siderbox.com; siderbox.com is the name of my Azure AD


Once the user account is created, it will show in your Users and Groups list and will be replicated to your on-premises Active Directory if you’re using Azure AD Connect


Now that the account is created, we need to authorize it to use Azure AD in conjunction with ShareFile

Navigate to Azure Active Directory > Enterprise Applications > All Applications and click on Citrix ShareFile


Select Users and Groups and click Add User


You can choose individual accounts or groups; in this example I am picking a group


Once the user or group is selected, you need to assign it a Role; select Employee


Once users and groups and roles are selected click Assign


ShareFile User Enablement


The final step we need to take is to Enable users in ShareFile

Log in to your ShareFile site if needed, navigate to People > Manage Users Home, and click Create Employee


Fill in the user’s First Name, Last Name, and Email Address.

The email address must be valid, because the user will be sent a verification email from ShareFile

Users can be created in bulk by clicking “Need To Import Multiple Users With Excel?”  This will allow you to download an Excel template which you can fill out and upload


Once the information is filled in, click Create & Continue


Make sure you’re completely logged out of ShareFile and navigate to your ShareFile page

You should see a new option: Company Employee Sign In, click Sign in


You should be sent to the Azure AD logon page

If your account is not already listed, click Use Another Account or type the address in and click Next


Type in your password when prompted and click Sign In


When successful, you’ll be logged into ShareFile with your Azure AD credentials!  

Now you can add more accounts.  Just follow the steps in the sections Azure AD User Creation and Authorization and ShareFile User Enablement above.

ShareFile is a great product, have fun and explore!


Notes and Thoughts


Other options, such as multi-factor authentication, can be added to Azure AD.  We’ll explore that option in a future post.

Thank you for your time, until next time!

Originally posted on Tuesday, December 12, 2017, by Matthew Carlton at http://www.siderbox.com

 
