How to configure Citrix ShareFile SSON with Microsoft Azure AD

In the last few years I have mostly implemented ShareFile Enterprise as part of the XenMobile Enterprise edition and therefore configured the XenMobile server as a SAML identity provider for ShareFile SSON. In the last few months I have also seen some companies that were only interested in the Citrix ShareFile solution without XenMobile. In this case there are some alternative ways to provide users single sign-on (SSON) to ShareFile, for example ADFS.

Another very good alternative is to provide SSON with Microsoft Azure AD. Most companies already have an Azure AD up and running these days if they use products like Microsoft Office 365 or the Microsoft Enterprise + Security suite. And in addition, it is pretty easy to configure as I will show you in this blog.

Microsoft Azure AD

Before you can configure Citrix ShareFile SSON with Microsoft Azure AD you need to make sure Azure AD is configured correctly. This means that the domain name used for the end users' email addresses is added to the list of domains. I highly recommend configuring directory integration to automatically synchronize on-premise user accounts to Azure AD with the Azure AD Connect tool. For instructions on how to configure Azure AD directory integration, see: Integrating your on-premises identities with Azure Active Directory

My Environment

For this blog I use my own test environment. I have an on-premise Domain Controller on which I have created a ShareFile security group and two test users who are members of that ShareFile security group.

Configuring Citrix ShareFile SSON with Azure AD - 001

Note: Make sure that all users have a valid E-mail address.

Configuring Citrix ShareFile SSON with Azure AD - 002

I have configured directory integration with Azure AD so the test users and the ShareFile security group are synchronized to Azure AD.

Configuring the ShareFile User Management Tool

For user synchronization between your on-premise domain and the ShareFile Control Plane, install the Citrix ShareFile User Management Tool (UMT). The installation is straightforward (next, next, finish). The configuration steps are specified below.

Configuring Citrix ShareFile SSON with Azure AD - 003

Open the ShareFile User Management Tool and log in with the ShareFile superuser / admin account

Configuring Citrix ShareFile SSON with Azure AD - 004

Log in with your on-premise domain administrator account and click Connect

Configuring Citrix ShareFile SSON with Azure AD - 005

Click on Groups

Configuring Citrix ShareFile SSON with Azure AD - 006

Search for the ShareFile AD Group and click Add Rule

Configuring Citrix ShareFile SSON with Azure AD - 007

Click Close

Configuring Citrix ShareFile SSON with Azure AD - 008

Click Yes

Configuring Citrix ShareFile SSON with Azure AD - 009a

In the Edit Users Rule dialog, make sure that How will your employees log in? is set to AD-Integrated. Configure the other settings like Storage Zone and user rights and click on Save and Close.

Configuring Citrix ShareFile SSON with Azure AD - 010

Click on Commit Now. The users and group are now created in the ShareFile Control Plane. It’s also recommended to Schedule this task so users will be automatically provisioned at a scheduled time.

Configuring Citrix ShareFile SSON with Azure AD - 011

As you can see, the users are now created in the Citrix ShareFile Control Plane.

Configure ShareFile Single Sign-on with Azure AD

Open a web browser and navigate to the classic Microsoft Azure portal: http://manage.windowsazure.com

Configuring Citrix ShareFile SSON with Azure AD - 012a

Navigate to Active Directory > <Your Directory> > Applications

On the bottom of the screen, click on Add

Configuring Citrix ShareFile SSON with Azure AD - 013

Click on Add an application from the gallery

Configuring Citrix ShareFile SSON with Azure AD - 014

Search for the ShareFile app and click on the checkmark

Configuring Citrix ShareFile SSON with Azure AD - 015a

Click on Configure single sign-on

Configuring Citrix ShareFile SSON with Azure AD - 016

Select Microsoft Azure AD Single Sign-On and click the next button.

Configuring Citrix ShareFile SSON with Azure AD - 017

Select the option Show advanced settings and fill in the following information:

SIGN ON URL : https://<account name>.sharefile.com/saml/login

IDENTIFIER : https://<account name>.sharefile.com/saml/info

REPLY URL : https://<account name>.sharefile.com/saml/acs

Configuring Citrix ShareFile SSON with Azure AD - 018

Download the certificate, open it in notepad, select all the text and copy it (CTRL+C)

 Configuring Citrix ShareFile SSON with Azure AD - 019

Open a second tab (do not close the first one) in your web browser and navigate to the Citrix ShareFile Admin Plane (https://<account name>.sharefile.com). Log in with the administrator account, and go to: Admin > Configure Single Sign-On

Next to X.509 Certificate, click Import or Change and paste all the text from the certificate file

Configuring Citrix ShareFile SSON with Azure AD - 020

Fill in the following information:

Your IDP Issuer / Entity ID : copy/paste the ENTITY ID URL from the Configure SSON Azure AD browser tab

ShareFile Issuer / Entity ID : https://<account name>.sharefile.com/saml/info

Login URL : copy/paste the REMOTE LOGIN URL from the Configure SSON Azure AD browser tab

Logout URL : copy/paste the REMOTE LOGOUT URL from the Configure SSON Azure AD browser tab

Configuring Citrix ShareFile SSON with Azure AD - 021

Scroll down and configure the following:

Require SSO Login: Enabled

SP-Initiated SSO certificate : HTTP Redirect with no signature

Enable Web Authentication : Enabled

SP-Initiated Auth Context : Unspecified – Exact

Click Save

Configuring Citrix ShareFile SSON with Azure AD - 022

Go back to the first browser tab and select Confirm that you have configured single sign-on as described above and click the next button.

Configuring Citrix ShareFile SSON with Azure AD - 023

Check if the Notification E-Mail address is correct and click on the checkmark

Configuring Citrix ShareFile SSON with Azure AD - 024

Click on Assign accounts

Configuring Citrix ShareFile SSON with Azure AD - 025

Search for the ShareFile group, select it and click on Assign

Configuring Citrix ShareFile SSON with Azure AD - 026

Click Yes

Test if ShareFile SSON with Azure AD is working

The final step is to test the configuration.

Configuring Citrix ShareFile SSON with Azure AD - 027

Open a browser and navigate to https://myapps.microsoft.com and log in with a test user / test account

Configuring Citrix ShareFile SSON with Azure AD - 028

If everything is correct the Citrix ShareFile application is displayed in the Microsoft My Apps portal.

Click on Citrix ShareFile

Configuring Citrix ShareFile SSON with Azure AD - 029

The user will be logged in to the ShareFile portal automatically, without the need to re-enter their account credentials.
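If the login fails instead, a common cause is a mismatch between the SAML request ShareFile sends and the IDENTIFIER / REPLY URL entered in Azure AD. The following added example (not part of the original post, and not Citrix or Microsoft tooling) decodes the `SAMLRequest` from an SP-initiated redirect URL and compares it with those values. The account name `example`, the IdP host `idp.example.invalid`, the function names and the sample request are all constructed assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def decode_authn_request(redirect_url):
    """Return (xml, signed) for a SAML HTTP-Redirect binding URL."""
    query = parse_qs(urlparse(redirect_url).query)
    if "SAMLRequest" not in query:
        raise ValueError("URL carries no SAMLRequest parameter")
    raw = base64.b64decode(query["SAMLRequest"][0])
    # The Redirect binding uses raw DEFLATE (no zlib header): wbits=-15.
    return zlib.decompress(raw, -15).decode("utf-8"), "Signature" in query


def check_authn_request(redirect_url, account):
    """List mismatches against the values entered in Azure AD."""
    base = f"https://{account}.sharefile.com/saml"
    xml, signed = decode_authn_request(redirect_url)
    root = ET.fromstring(xml)  # parse only URLs captured from your own login
    problems = []
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    if issuer != f"{base}/info":
        problems.append(f"Issuer {issuer!r} does not match IDENTIFIER {base}/info")
    acs = root.get("AssertionConsumerServiceURL")  # optional in SAML 2.0
    if acs is not None and acs != f"{base}/acs":
        problems.append(f"ACS {acs!r} does not match REPLY URL {base}/acs")
    if signed:
        problems.append("request is signed although 'no signature' is configured")
    return problems


def build_sample_url(account, acs_path="/saml/acs"):
    """Constructed sample of an SP-initiated redirect (not captured traffic)."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="_constructed" Version="2.0" IssueInstant="2017-01-01T00:00:00Z" '
           f'AssertionConsumerServiceURL="https://{account}.sharefile.com{acs_path}">'
           f'<saml:Issuer>https://{account}.sharefile.com/saml/info</saml:Issuer>'
           f'</samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)
    b64 = base64.b64encode(comp.compress(xml.encode()) + comp.flush())
    return "https://idp.example.invalid/saml2?" + urlencode({"SAMLRequest": b64})


if __name__ == "__main__":
    print(check_authn_request(build_sample_url("example"), "example"))
```

An empty list means the request agrees with the Azure AD settings; each entry otherwise names the field to recheck in the ShareFile or Azure AD configuration.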

 

1 comment

  • Hi Robin, this is very useful for easily setting up ShareFile SSO. But from my site (Azure China) there is no Gallery option to choose ShareFile as an application, I can only manually add it, but don't know the Login URL and Application ID URI, can you help on this? Thanks!

About Robin Hobo

I work as a Senior Solution Architect with focus on the Modern Workspace. I am specialized in Azure Virtual Desktop (AVD), Windows 365 and Microsoft EM+S (including Microsoft Endpoint Manager - Microsoft Intune).

For my full bio, check the About Me page.
