Shares allows users to create accounts and authenticate through a SAML IdP (identity provider). OneLogin is an example of an IdP that can easily be integrated into Shares after performing some basic configurations.
The instructions below walk you through the configurations on both the OneLogin side and the Shares side required to establish SAML authentication for your users.
1. Log in to your OneLogin interface and navigate to Apps > Add Apps on the main navigation menu.
2. Enter SAML in the search box and select SAML Test Connector (SP w/ signed assertion) from the results:
Give the Connector any name, and click Save.
3. Navigate to Apps > Company Apps from the main navigation menu and select the Connector you just saved.
4. Click the Configuration tab. Fill in the three fields in the following format, where your_shares_server.com should be replaced with the FQDN (fully qualified domain name) of your Shares server.
|ACS (Consumer) URL||
|ACS (Consumer) URL Validator||
Save your changes.
5. Click on the Parameters tab to add and configure the assertion values Shares requires for SAML authentication. These will be defined as parameters mapped to information from your underlying directory.
Email is a pre-defined parameter that is delivered to Shares as the NameID assertion value. This means the Email parameter will act as a user’s login name for Shares. If your organization uses email addresses as login names, you do not have to remap the Email parameter. Otherwise, it should be mapped to the field that the underlying directory uses for account names.
Click Add parameter for each required field, and map the values as shown below:
Save your changes.
6. Click on the SSO tab. The values shown here and within the View Details link must be saved in Shares to complete the process.
Your should already have defined the certificate, but if not this is something you will need to configure (see this OneLogin help article).
7. Switch over to Shares in a new window or tab and log in using the local logon URL (which allows you as an administrator to log in locally without SAML):
Click Admin on the top right, then under Accounts click Directories. On the line for SAML Identity Provider, click edit.
8. Select Log in using a SAML Identity Provider if you have not done so already. Here you will be configuring Shares to use the OneLogin IdP for SAML authentication:
For the IdP Single Sign-On URL field, paste in the SAML 2.0 Endpoint URL given in the OneLogin SSO parameters page. The values for IdP Certificate Fingerprint and IdP Certificate values come from the View Details link on the SSO parameter page:
Click Update to finish.
9. Shares is now set up to use SAML-based authentication via OneLogin.