
Configure ShareFile Single Sign-On with Microsoft Azure AD

You can configure Microsoft Azure AD to function as a SAML identity provider for ShareFile.

Prerequisites
Microsoft Azure Subscription with Azure Managed Active Directory
ShareFile Account with Single Sign On Enabled
Email Attribute of Azure AD user matches Email attribute of ShareFile user

Step 1
Log in to the Azure Management portal, and select Active Directory. From this tab, select the Active
Directory instance you want to manage.

Step 2
Select Applications. Choose Add. Select Add Application from Gallery. Search for ShareFile, and
select to add application.

Step 3
Choose Configure Single Sign On. Select the option Microsoft Azure AD Single Sign-On.

Step 4
On the Configure App Settings menu, make the following modifications:
A. Sign On URL: fill this out in https://subdomain.sharefile.com format, substituting the appropriate
subdomain for your account subdomain.
B. Identifier: fill out any value for this field, making sure that it exactly matches the ShareFile
Issuer/Entity ID value within ShareFile Configure Single Sign-On. The default value is
https://account.sharefile.com/saml/info, substituting the appropriate subdomain value for your account.
C. Reply URL: fill out the assertion consumer service value for the SAML endpoint. The value will be
https://account.sharefile.com/saml/acs, substituting the appropriate subdomain for your account.
D. Select Show advanced settings (optional).

Step 5
Select Download Certificate. Open the certificate in Notepad, or another text editor, and copy the entire
certificate hash, including the BEGIN CERTIFICATE and END CERTIFICATE portions. Within ShareFile,
apply the certificate hash value from Azure in the X.509 Certificate section by selecting Change.

Step 6
Copy the Entity ID field from Azure, and apply to the IDP Issuer/Entity ID in ShareFile.

Step 7
Copy the Remote Login URL field from ShareFile, and apply to the Login URL field in ShareFile. Modify
SP Initiated Auth Context to Unspecified/Exact within ShareFile.

Step 8
Select Confirm within the Azure Portal, enabling the certificate to work for Sign-On requests to ShareFile.

Step 9
Navigate to the Users tab of the configured application. Ensure you have assigned users to access
the Azure AD SAML Application.

Step 10
Select Save within ShareFile to save settings. From a browser session, navigate to
https://subdomain.sharefile.com substituting the appropriate subdomain with your own subdomain, to
test the sign in process. Sign in with your directory credentials.

Troubleshooting
Error: Invalid Single-Sign On Request (User Not Valid for This Provider).

Resolution: Confirm the email address of the ShareFile account matches the email address of
the Azure AD account, and confirm the user account has been added & given access to the
application.

Error: Sorry, but we're having trouble signing you in. We received a bad request (Azure)

Resolution: SAML authentication request's RequestedAuthenticationContext Comparison
value must be Exact. Change the SP Initiated Auth Context value in ShareFile to Unspecified
with Exact as the value.

Error: Sorry, but we're having trouble signing you in. We received a bad request (Azure)

Resolution: Application with identifier (XXXXXXX) was not found in the directory XXXXXXX.
Ensure the Sign On URL value within Azure exactly matches the ShareFile Issuer/Entity ID
value in ShareFile Configure Single Sign-On. These values are case sensitive and must exactly
match. The default format is https://account.sharefile.com/saml/info - substituting the appropriate
account value.
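
The two bad-request errors above can be checked before testing by inspecting the AuthnRequest that ShareFile sends to Azure. The following is an added example, not part of the original guide or of ShareFile or Azure tooling. It assumes the request was captured as a SAMLRequest parameter from an HTTP-Redirect sign-in; the function names, the example.sharefile.com subdomain and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_redirect(saml_request):
    """Decode a SAMLRequest value from the HTTP-Redirect binding (base64 + raw DEFLATE)."""
    return zlib.decompress(base64.b64decode(saml_request), -15).decode("utf-8")

def check_authn_request(xml_text, identifier, reply_url):
    """Return the mismatches between an AuthnRequest and the Azure app settings."""
    root = ET.fromstring(xml_text)  # run only on requests captured from your own sign-in
    problems = []
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != identifier:  # exact, case-sensitive comparison
        problems.append(f"Issuer {issuer!r} does not match Identifier {identifier!r}")
    acs = root.get("AssertionConsumerServiceURL")
    if acs is not None and acs != reply_url:
        problems.append(f"ACS URL {acs!r} does not match Reply URL {reply_url!r}")
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is not None:
        # SAML 2.0 treats a missing Comparison attribute as "exact"
        comparison = rac.get("Comparison", "exact")
        if comparison != "exact":
            problems.append(f"RequestedAuthnContext Comparison is {comparison!r}, not 'exact'")
    return problems

def encode_redirect(xml_text):
    """Inverse of decode_redirect, used here only to build the sample input."""
    deflater = zlib.compressobj(wbits=-15)
    raw = deflater.compress(xml_text.encode("utf-8")) + deflater.flush()
    return base64.b64encode(raw).decode("ascii")

# Constructed sample: Issuer differs from the Identifier in case, Comparison is "minimum"
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0" '
    'AssertionConsumerServiceURL="https://example.sharefile.com/saml/acs">'
    '<saml:Issuer>https://Example.sharefile.com/saml/info</saml:Issuer>'
    '<samlp:RequestedAuthnContext Comparison="minimum"><saml:AuthnContextClassRef>'
    'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified'
    '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>')

if __name__ == "__main__":
    xml_text = decode_redirect(encode_redirect(SAMPLE_XML))
    print(check_authn_request(xml_text, "https://example.sharefile.com/saml/info",
                              "https://example.sharefile.com/saml/acs"))
```

An empty list means the Issuer, the assertion consumer service URL and the Comparison value in the request all agree with what was entered in Azure.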
