Egnyte Provisioner

Configure Egnyte for SSO

About this task

To configure Egnyte for SSO, you need the following details from PingFederate:

  • Identity provider login URL

    • Example: https://<pf_hostname>:<pf_port>/idp/SSO.saml2

  • Identity provider entity ID

    • This is the SAML 2.0 Entity ID from PingFederate, which can be found on the Server Configuration → Server Settings → Federation Info screen. For more information, see Specifying federation information.

  • Identity provider certificate

The following section describes the steps to configure SSO in Egnyte. For more information, see Single Sign-On (SSO) Configuration.

For users to sign in through SAML SSO, their authType attribute must be set to 'sso'. The authType attribute may be set when the user is provisioned or by an administrator on the user’s profile under Settings → Configuration → Users & Groups. For more information, see Supported attributes reference.

Steps

  1. Log in to your Egnyte subdomain as an administrative user for your organization.

  2. Navigate to Settings → Configuration → Security & Authentication.

  3. Under the Single Sign-on Authentication section:

    • Select SAML 2.0 as the Single sign-on authentication type.

    • Select PingFederate as the Identity provider.

    • Set the Identity provider login URL, Identity provider entity ID, and Identity provider certificate.

      The Identity provider certificate is the PEM-encoded X.509 certificate from PingFederate. Paste the entire certificate, but remove the BEGIN and END CERTIFICATE lines.

    • Set the Default user mapping. The value of the SAML_SUBJECT sent in your SP connection’s attribute contract must match this mapping.

    • Optional: Set the User domain-specific Issuer value based on your business use.

      An image of a Single Sign-On Authentication sample configuration in Egnyte.

  4. Click the Save button.
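The certificate step above is where pastes most often go wrong (a whole chain, a key file, or a truncated copy). The following is an added example, not part of the original documentation or of Egnyte's or PingFederate's tooling: it prepares the value for the Identity provider certificate field and returns a SHA-256 fingerprint to compare with the certificate at its source. The function names and the sample input are assumptions made for illustration; the structural check is a DER length check, not a full X.509 parse.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_length_ok(der):
    """True if der is one DER SEQUENCE whose declared length spans all bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def egnyte_cert_field(pem_text):
    """Return (value to paste, SHA-256 fingerprint) for a one-certificate PEM."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("input contains a private key; export the certificate only")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {labels}")
    b64 = "".join(blocks[0][1].split())   # drops CR/LF and stray spaces
    der = base64.b64decode(b64, validate=True)
    if not der_length_ok(der):
        raise ValueError("decoded data is not a single DER SEQUENCE (truncated paste?)")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    return body, fingerprint

# Constructed stand-in: a DER SEQUENCE of filler bytes, NOT a real certificate.
FAKE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + base64.encodebytes(FAKE_DER).decode().replace("\n", "\r\n")
    + "-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    value, fp = egnyte_cert_field(SAMPLE_PEM)
    print(value)
    print("SHA-256 fingerprint:", fp)
```

To use it on a real export, read the PEM file's text and pass it to egnyte_cert_field in place of SAMPLE_PEM.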