Single Sign-On (SSO), SAML, SCIM

Single Sign-On (SSO) lets a user's identity be managed by a single, trusted identity provider that grants access to multiple service providers. It improves security and compliance posture and reduces the number of credentials each user has to manage.

ExaVault supports the SP (Service Provider) initiated SSO flow and integrates with the most popular SSO providers.

Steps to Perform on Entra

First, add the SmartFile (the former name for ExaVault) application from the Entra enterprise application gallery. Please refer to Microsoft's SmartFile tutorial for more information on how to complete this step.

Once the ExaVault application has been added to your Entra Enterprise applications list, click the application and click Assign Users and Groups to select the Entra users that will be signing into ExaVault using Entra SSO.

Click Setup single sign on and choose SAML. In the Basic SAML Configuration section, provide the following values:

  • Identifier (Entity ID): Your ExaVault site domain, without the https:// prefix.

  • Reply URL (Assertion Consumer Service URL): https://<DOMAIN>/saml2/acs

  • Sign on URL: https://<DOMAIN>/ftp/login

In the SAML Certificates section, download the Federation Metadata XML file so that it can be uploaded to your ExaVault site.

Steps to Perform on ExaVault

Sign into your ExaVault account as an administrator and go to Admin Settings by clicking the gear in the upper-right corner.

In the left pane, click Settings > SSO. Then, under Metadata XML file, click Choose File and select the Federation Metadata XML file you downloaded from Entra. Click Save to complete the configuration.

For each user assigned to your SSO method, create or modify the ExaVault user so that both the username and the email address are the email used in Microsoft Entra, and set the sign on method to SSO.

Your site's sign in page will now display a "Single Sign-On" button. Users click this button and are signed into their ExaVault account through Entra.

If a user gets a page saying that the account does not exist, ensure that the user's email is set as the ExaVault user's username and email.

Configuring SCIM for User Provisioning

To set up SCIM automatic provisioning, follow the instructions in Tutorial: Configure ExaVault for automatic user provisioning.
