Setting up SSO with file sharing
SSO integration with File Sharing is a three-part process:
- Customers are provided the information to set up the application in their identity provider (IdP).
- Once the customer has registered the application(s) in the IdP, specific parameters are provided to MFT to configure our side of the integration.
- We will schedule a meeting to test your SSO application(s).
Setting up your SSO process
Use the following to create a SAML 2.0 SSO application in your identity provider's portal:
- MFT Single sign-on URL = https://filesharingsiteurl/saml/AssertionConsumerService.aspx
- MFT Entity ID (called Audience URI in Okta):
  - US: ServiceProvider Name="urn:componentspace:ThruSite_US"
  - UK: ServiceProvider Name="urn:componentspace:ThruSite_UK"
  - AUS: ServiceProvider Name="urn:componentspace:ThruSite_AUS"
  - GER: ServiceProvider Name="urn:componentspace:ThruSiteEU"
During the application process, make sure these claims are mapped to your Active Directory:
- emailaddress - (mandatory)
- givenname - (mandatory), if it does not exist in the IdP, create a custom claim
- surname - (mandatory), if it does not exist in the IdP, create a custom claim
- phone - (optional), if it does not exist in the IdP, create a custom claim
- company - (optional), if it does not exist in the IdP, create a custom claim
In the 2nd step, we need the following information from your identity provider:
- Customer unique IdP URI. In SAML XML, it can be called entityID or Issuer. Examples:
  "http://ThruADFS.Thru.PVT/adfs/services/trust"
  "http://www.okta.com/exk19z4gbah5AATrh0h8"
- Customer IdP single sign-on service URL. Examples:
  "https://ThruADFS.Thru.PVT/adfs/ls/"
  "https://climate.okta.com/app/companynameThruSite/exk19z4gbah5AATrh0h8/sso/saml"
- Customer IdP certificate in CER or CRT format.
In the 3rd step, the MFT Customer Success team follows up with you to schedule a meeting. In this meeting, we will test the SSO application links and verify that users can authenticate and that new users are created successfully.