Single Sign On (SSO), SAML, SCIM
Single Sign-On (SSO) is an authentication mechanism that allows a user's identity to be managed by a single, trusted identity provider through which the user can access multiple service providers. SSO is rapidly gaining popularity both for security and compliance purposes, and to improve user experience in an increasingly complex environment of applications and services. When your users have multiple apps and services to navigate, SSO helps keep it safe and simple.
ExaVault supports SP (Service Provider) initiated SSO flow securely and integrates with the most popular SSO providers.
Steps to Perform on Entra
First, add the SmartFile (the former name for ExaVault) application from the Entra enterprise application gallery. Please refer to Microsoft's SmartFile tutorial for more information on how to complete this step.
Once the ExaVault application has been added to your Entra Enterprise applications list, click the application and click Assign Users and Groups to select the Entra users that will be signing into ExaVault using Entra SSO.
Click Setup single sign on and choose SAML. In the Basic SAML Configuration section, provide the following values:
Identifier (Entity ID): Your ExaVault site domain. Note that this does not include HTTPS.
Reply URL (Assertion Consumer Service URL): A URL using the following pattern: https://<DOMAIN>/saml2/acs
Sign on URL: A URL using the following pattern: https://<DOMAIN>/ftp/login
In the section SAML Certificates, download the Federation Metadata XML file so that it may be uploaded to your ExaVault site.
Steps to Perform on ExaVault
Sign into your ExaVault account as an administrator and go to Admin Settings by clicking the gear in the upper-right corner.
In the left pane, click Settings > SSO. Then click Choose File under Metadata XML file and select the Federation Metadata XML file you downloaded from Entra. Click Save to complete the configuration.
For each user assigned to your SSO method, create or modify the user so that both the username and the email address are the email used in Microsoft Entra, and set the sign-on method to SSO.
Your site’s sign in page will now display a “Single Sign-On” button. Users will click on this button and be signed into ExaVault through Entra to their given account.
If a user gets a page saying that the account does not exist, ensure that the user’s email is set as the ExaVault user’s username and email.
Configuring SCIM for User Provisioning
To set up SCIM automatic provisioning, follow the instructions in Tutorial: Configure ExaVault for automatic user provisioning.