ShareFile and Azure AD-The Setup

If you're thinking about ShareFile, Citrix's secure file sharing solution, you should give thought to user account authentication and management.  Planning for this now will save you trouble in the future as your ShareFile needs and user base grows.  This is where Azure Active Directory can help.

If your organization is using Office 365, you're already using Azure Active Directory (AD).  Azure AD is a cost effective, reliable, and easy to use single sign-on (SSO) solution. With Azure AD It's simple to extend its use to SaaS applications like ShareFile.  Once Azure AD has been setup you can connect it to your on-premise Active Directory in minutes.  Microsoft offers different options for Azure AD based on your needs.

When you integrate ShareFile with Azure AD you'll be able to centrally manage who has access to through the Azure portal.  Because of Azure's SSO capabilities, you'll also be able to enable users to automatically sign onto ShareFile with their Azure AD accounts.
You can try Citrix ShareFile and Azure AD for free by signing up at their portals:

• Azure: https://azure.microsoft.com/en-us/
• ShareFile: https://citrix.cloud.com

Now, let's run through the process of configuring ShareFile to work with Azure AD.  For this demonstration, I've already configured Azure AD, enabled Azure Active Directory Connect, and completed the initial configuration of my ShareFile site.

Configure Azure AD

---

First logon into the Azure portal and go to the Azure Active Directory Section.  Once there pick on Enterprise Applications.



Once in the Enterprise Applications window click on New Application



From this window find the section Add From The Gallery and type in Citrix ShareFile or just ShareFile

Once You’ve selected Citrix ShareFile, click Add



Choose Single Sign-on



Choose SAML Based Sign-On from the Single Sign-on Mode drop down list

In the Citrix ShareFile Domain and URLs section enter the following information:

• Sign on URL
• Identifier
• Reply URL

This information will be found in your ShareFile Administration console in the Login & Security Policy section



Lower on the page you will see the SAML Signing Certificate, download the certificate from the link named Certificate (Base64)

Configure ShareFile

---

Logon to your Citrix ShareFile site and choose Security from Settings > Admin Settings



Choose Login & Security Policy



For Azure AD to work with Share File check Yes under Enable SAML, then fill out the following information:

• ShareFile Issuer/Entity ID
• Your IDP Issuer/Entity ID
• Upload the SAML certificate you downloaded earlier from Azure
• Login URL
• Logout URL

You will find the information needed above by logging into your Azure portal and going to Azure Active Directory > Enterprise Applications > All Applications > ShareFile and clicking on Configure Citrix ShareFile



Once Configure Citrix ShareFile opens, scroll down to the Quick Reference to find the IDP Issuer/Entity ID, SAML certificate (if needed), Login URL, and Logout URL.

To upload the certificate you downloaded you will need to open the file with a text editor such as Notepad and copy the contents so you can past it into window when prompted.



Finally you will need to click Yes under Require SSO Logon

Also, make sure you choose Exact and User Name and Password beneath the SP-Initiated Auth Context section.  If this is not set, you will not be able to log in Azure AD credentials.

Azure AD User Creation and Authorization

---

Now that Azure AD and ShareFile configuration is complete, create a user account

In the Azure Portal go to your Azure Active Directory and click Add A User



Give the user a Name and Username

In this example I’m using sbtest@siderbox.com, siderbox.com is the name of my Azure AD



One the user account is created if will show in your Users and Groups list and will be replicated to your on-premise Active Directory if you’re using Azure AD Connect



Now that the account is created, we need to authorize it to use Azure AD in conjunction with ShareFile

Navigate to Azure Active Directory > Enterprise Applications > All Applications and click on Citrix ShareFile



Select Users and Groups and click Add User



You can choose individual accounts or groups, in this example I am picking a group



Once the user or group is selected you need to assign it a Role, select Employee



Once users and groups and roles are selected click Assign

ShareFile User Enablement

---

The final step we need to take is to Enable users in ShareFile

Login to your ShareFile site if needed and navigate to People > Manage Users Home and click Create Employee



Fill in the user’s First Name, Last Name, and Email Address.

The email address must be valid, the user will be sent a verification email from ShareFile

Users can be created in bulk by clicking “Need To Import Multiple Users With Excel?”  This will allow you to download an Excel template which you can fill out and upload



Once the information is filled in, click Create & Continue



Make sure you’re completely logged out of ShareFile and navigate to your ShareFile page

You should see a new option: Company Employee Sign In, click Sign in



You should be sent to the Azure AD logon page

If your account is not already listed, click Use Another Account or type the address in and click Next



Type in your password when prompted and click Sign In



When successful, you’ll be logged into ShareFile with your Azure AD credentials! 

Now you can add more accounts.  Just follow the steps in the sections Azure AD User Creation and Authorization and ShareFile User Enablement above.

ShareFile is a great product, have fun and explore!

Notes and Thoughts

---

Other options, such as multi-factor authentication can be added to Azure AD.  We’ll explore that option in a future post.

Thank you for your time, until next time!