FileCloud SSO Demystified
Single Sign On (SSO) is a solution that gives one-click access to all of a user's applications with one password. According to Wikipedia, SSO is a property of access control of multiple related, but independent, software systems: with this property, a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords.
The convenience of having a single username and password across multiple applications cannot be overstated. Users can use one username and password across all applications and do not have to remember different login credentials for different sites. Users log in to one application and have their login credentials preserved and carried over to all applications. Administrators do not have to manage different sets of passwords for different applications, which reduces the time, cost and potential risk of password maintenance. Those are just a few of the advantages of SSO.
FileCloud supports SSO across a range of authentication sources, such as Active Directory, Active Directory Federation Services (ADFS), any on-premise identity provider that supports the SAML 2.0 protocol, or cloud-based identity providers such as Okta, OneLogin, Centrify and more.
NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity and confidentiality to users. The objective is to use a web browser such as Internet Explorer or Google Chrome to log in automatically to the FileCloud website using Windows Active Directory authentication. When a user browses to http://myfileclouddomain.com, the user is seamlessly logged in to FileCloud with AD credentials, without being asked to enter a username and password.
In FileCloud, Active Directory authentication must be set up first; NTLM SSO can then be configured as described at https://www.getfilecloud.com/supportdocs/display/cloud/NTLM+Single+Sign+On+Support
Active Directory Federation Services (ADFS) is a software component that runs on Windows servers to provide users with single sign-on access to applications across organizational boundaries. ADFS integrates with Active Directory Domain Services, using it as an identity provider. The objective is to have FileCloud users authenticate against ADFS; on a successful authentication response from ADFS, the users are logged into FileCloud.
FileCloud integrates seamlessly with an ADFS server using the federation metadata. The FileCloud server acts as a Service Provider (SP) and ADFS acts as an Identity Provider (IdP). Login requests from the client web browser are redirected to the ADFS server. The ADFS server authenticates the user against the ADFS datastore, which can be a SQL database, an AD server, LDAP, etc., and returns the authentication token that logs the user into FileCloud.
The following link explains the step-by-step details of setting up ADFS and integrating it with FileCloud: https://www.getfilecloud.com/supportdocs/display/cloud/ADFS+Single+Sign+On+Support
Security Assertion Markup Language (SAML) is an XML-based open standard data format for exchanging authentication and authorization data between parties. As with ADFS, FileCloud acts as a Service Provider (SP) and the customer must run the Identity Provider (IdP) server.
The following process explains how a user logs into a hosted FileCloud application through a customer-operated, SAML-based SSO service.
- User attempts to reach the hosted FileCloud application through the URL.
- FileCloud generates a SAML authentication request. The SAML request is embedded into the URL for the customer’s SSO Service.
- FileCloud sends a redirect to the user’s browser. The redirect URL includes the SAML authentication request and is submitted to the customer’s SSO Service.
- The customer’s SSO Service authenticates the user based on valid login credentials.
- The customer’s SSO Service generates a valid SAML response and returns it to the user’s browser.
- The customer’s SAML response is redirected to FileCloud.
- The FileCloud authentication module verifies the SAML response.
- If the user is successfully authenticated, the user is logged into FileCloud.
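The verification in the second-to-last step is where the security of the whole flow rests. The example below is added here and is not FileCloud's code: it shows the checks a SAML Service Provider must make on a decoded Response after its XML signature has been verified against the IdP certificate (that XML-DSig step is assumed to be done by a library and is not shown). All entity IDs, URLs and the sample response are constructed for the example.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def _ts(s):  # SAML timestamps are UTC, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(response_b64, request_id, sp_entity_id, acs_url, idp_entity_id, now):
    """What the SP must check in a Response whose XML signature has ALREADY been
    verified against the IdP certificate (that XML-DSig step is assumed to be done
    by a library and is not shown). Returns (name_id or None, list of problems)."""
    root = ET.fromstring(base64.b64decode(response_b64))
    problems = []
    if root.get("InResponseTo") != request_id:   # ties response to our AuthnRequest
        problems.append("InResponseTo does not match our AuthnRequest ID")
    if root.get("Destination") != acs_url:       # addressed to our own ACS URL
        problems.append("Destination is not our ACS URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("StatusCode is not Success")
    a = root.find("saml:Assertion", NS)
    if a is None:
        return None, problems + ["no Assertion in response"]
    if a.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        problems.append("Assertion Issuer is not the configured IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return None, problems + ["Assertion has no Conditions"]
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        problems.append("assertion outside its validity window")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != sp_entity_id:
        problems.append("Audience is not this SP")  # assertion meant for another app
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return (name_id if not problems else None), problems

def sample_response(request_id, audience, acs_url, idp, nb, noa, user="alice@example.com"):
    """Constructed, unsigned IdP Response used to exercise check_response offline."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="_r1" Version="2.0" InResponseTo="{request_id}" Destination="{acs_url}">'
           f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
           f'<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>{idp}</saml:Issuer>'
           f'<saml:Subject><saml:NameID>{user}</saml:NameID></saml:Subject>'
           f'<saml:Conditions NotBefore="{nb}" NotOnOrAfter="{noa}">'
           f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
           '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

A response that fails any of these checks (a replay after NotOnOrAfter, a response not tied to the request this browser started, or an assertion issued for a different application) yields no NameID and must not create a session.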
Customers can run their own Identity Provider or use one of the cloud-based Identity Providers such as Okta, OneLogin, Centrify, etc. FileCloud integrates seamlessly with any IdP as long as the IdP supports the SAML 2.0 protocol.
The link https://www.getfilecloud.com/supportdocs/display/cloud/SAML+Single+Sign+On+Support explains the steps involved in integrating any Identity Provider with FileCloud.
In conclusion, Single Sign On (SSO) provides the convenience of a one-click login into multiple applications and websites. FileCloud supports different SSO mechanisms and integrates seamlessly with a number of SSO identity providers and existing SSO infrastructure.