You can integrate your ShareFile account with Active Directory (AD) to enable single sign-on for users with AD credentials. ShareFile supports Security Assertion Markup Language (SAML) for single sign-on. You configure ShareFile to communicate with a SAML-based federation tool running in your network. User logon requests are then redirected to Active Directory. You can use the same SAML Identity Provider that you use for other web applications.
Documented and tested using:
ShareFile only tests and supports using SHA-1 certificates.
ShareFile Single Sign-On with ADFS does not support the use of self-signed certificates.
Internet Explorer version 8 is not compatible with ShareFile's ADFS configuration. It is recommended that users update their Internet Explorer browser to the latest version.
Specify the ShareFile subdomain: mysubdomain.sharefile.com or, in Europe, mysubdomain.sharefile.eu
Specify the SAML authentication URL: https://mysubdomain.sharefile.com/saml/acs
Specify the relying party identifier: mysubdomain.sharefile.com
Allow all users to access that relying party.
Define the content of the SAML token generated by the federation service and submitted to sharefile.com.
Sharefile.com requires a Name ID in Email format. You can use the Active Directory User Principal Name (UPN) as the attribute source and convert it into the Name ID and Email attributes. If the UPN does not match your company email address, you can use the Active Directory Email attribute instead.
For example, the ADFS claims rule settings to send LDAP attributes as claims are:
The ADFS claims rule settings to transform the incoming claim are:
Set the signature format for your relying party (mysubdomain.sharefile.com) to SHA-1.
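The relying party settings above can also be applied with the ADFS PowerShell cmdlets. This is an added example, not taken from ShareFile's documentation. It assumes the ADFS PowerShell module is available on the federation server; the trust display name "ShareFile" and the variable names are assumptions, and mysubdomain is the page's placeholder.

```powershell
# Added example. Run on the primary ADFS server in an elevated session.
$subdomain = 'mysubdomain.sharefile.com'   # use mysubdomain.sharefile.eu in Europe

# Rule 1: look up the UPN in Active Directory and issue it as an E-Mail Address claim.
#         If the UPN does not match the company email address, query "mail" instead
#         of "userPrincipalName".
# Rule 2: reissue the E-Mail Address claim as a Name ID in Email format.
$transformRules = @'
@RuleName = "Send UPN as E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";userPrincipalName;{0}", param = c.Value);

@RuleName = "Transform E-Mail Address to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# "Allow all users to access that relying party."
$authRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# SAML authentication URL (assertion consumer service) from this page.
$acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' `
                            -Uri "https://$subdomain/saml/acs"

$trust = @{
    Name                       = 'ShareFile'        # display name (assumption)
    Identifier                 = $subdomain         # relying party identifier
    SamlEndpoint               = $acs
    IssuanceTransformRules     = $transformRules
    IssuanceAuthorizationRules = $authRules
    # The page requires the SHA-1 signature format for this relying party.
    SignatureAlgorithm         = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
}
Add-AdfsRelyingPartyTrust @trust

# Confirm what was stored before testing a logon.
Get-AdfsRelyingPartyTrust -Name 'ShareFile' |
    Format-List Name, Identifier, SignatureAlgorithm, IssuanceTransformRules
```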
Create a DNS entry for the federation server service identity, pointing to the federation server or to a network load balancer.
For information about using proxies in the DMZ and using multiple federation servers for high availability, refer to the documentation for your federation tool.
Export the security certificate from your federation tool:
In the ShareFile web interface, click Admin and then click Configure Single Sign-On.
Select the Enable SAML check box.
Enter the issuer or entity ID for the ShareFile service and verify the default value for your Identity Provider (IDP).
Enter the security certificate:
Enter the Login URL provided by your SAML Identity Provider. This is the address web clients are redirected to when they access the SAML logon page. For example, for ADFS it is https://adfs.mysubdomain.com/adfs/ls/.
Choose an authentication context:
To test single sign-on: Open a web browser and open the URL https://mysubdomain.sharefile.com/saml/login. If you are using Integrated Windows Authentication, you will be silently logged on to ShareFile. Otherwise, you will be redirected to the logon page of the federation server. If you have issues with Integrated Windows Authentication, check the Internet Explorer security settings.