Single Sign On (SSO), SAML, SCIM

Single Sign-On (SSO) is an authentication mechanism in which a single, trusted identity provider manages a user's identity and the user accesses multiple service providers through it. SSO is rapidly gaining popularity for security and compliance purposes and for improving user experience in an increasingly complex environment of applications and services. When your users have multiple apps and services to navigate, SSO helps keep access safe and simple.

SmartFile securely supports the SP (Service Provider) initiated SSO flow and integrates with the most popular SSO providers.

Steps to perform on Entra

First, add the SmartFile application from the Entra enterprise application gallery. Please refer to Microsoft's SmartFile tutorial for more information on how to complete this step.

Once the SmartFile application has been added to your Entra Enterprise applications list, click the application and click Assign Users and Groups to select the Entra users that will be signing into SmartFile using Entra SSO.

Click Setup single sign on and choose SAML. In the Basic SAML Configuration section, provide the following values:

Identifier (Entity ID): Your SmartFile custom domain (e.g. yourcompany.smartfile.com). Note that this does not include the https:// prefix.

Reply URL (Assertion Consumer Service URL): A URL using the following pattern: https://<SUBDOMAIN>.smartfile.com/saml2/acs (e.g. https://yourcompany.smartfile.com/saml2/acs)

Sign on URL: A URL using the following pattern: https://<SUBDOMAIN>.smartfile.com/ftp/login (e.g. https://yourcompany.smartfile.com/ftp/login)

In the SAML Certificates section, download the Federation Metadata XML file so that it can be uploaded to your SmartFile site.

Steps to Perform on SmartFile

Sign into your SmartFile account as an administrator and go to Admin Settings by clicking the gear in the upper-right corner.

In the left pane, click Settings > SSO. Then, for Metadata XML file, click Choose File and select the Federation Metadata XML file you downloaded from Entra. Click Save to complete the configuration.

For each user assigned to your SSO method, create or modify the SmartFile user so that both the username and the email address are set to the email used in Microsoft Entra, and the sign on method is set to SSO.

Your site’s sign in page will now display a “Single Sign-On” button. Users click this button and are signed into their SmartFile account through Entra.

If a user gets a page saying that the account does not exist, ensure that the user’s email is set as the SmartFile user’s username and email.

Configuring SCIM for User Provisioning

To set up SCIM automatic provisioning, follow the instructions in Tutorial: Configure SmartFile for automatic user provisioning.

©2023 Orange Platform LLC dba SmartFile. All rights reserved.