How to configure single sign-on for Citrix ShareFile
ADSelfService Plus supports Active Directory (AD)-based single sign-on (SSO) for Citrix ShareFile and many other SAML-enabled applications like Google Workspace and Microsoft 365. When SSO is enabled for Citrix ShareFile, users only have to log in once to ADSelfService Plus, the identity provider. After logging in, users can securely access their Citrix ShareFile account without having to enter their username and password again.
ADSelfService Plus supports both identity provider (IdP) and service provider (SP)-initiated SSO for Citrix ShareFile.
Supported SSO methods
IdP-initiated SSO for Citrix ShareFile: Users need to log in to the ADSelfService Plus self-service portal using AD credentials first, and then click on the Citrix ShareFile icon on the Applications dashboard to access Citrix ShareFile.
SP-initiated SSO for Citrix ShareFile: When users access Citrix ShareFile via a URL or bookmark, they are routed to the login page of ADSelfService Plus. After they log in using AD credentials, they will be redirected and logged into Citrix ShareFile automatically.
Follow the step-by-step guide given below to configure SSO for Citrix ShareFile.
Before you begin:
Download and install ADSelfService Plus if you haven’t already.
Configuring your AD domain in ADSelfService Plus
ADSelfService Plus utilizes the existing AD domain credentials for authenticating users during SSO. This means you need to configure AD domains in ADSelfService Plus before enabling SSO for Citrix ShareFile.
By default, ADSelfService Plus will try to add all the AD domains that it can discover in the network. If the required domains are automatically added, skip to step 9; otherwise, follow the steps below and add the domains manually.
1. Log in to the ADSelfService Plus web console using admin credentials.
2. Click the Domain Settings link located in the top-right corner of the page.
3. An Add Domain Details window will appear.
4. In the Domain Name field, enter the name of the domain you want to add.
5. In the Add Domain Controllers field, click Discover. ADSelfService Plus will try to automatically discover the domain controllers associated with the specified domain.
6. If the domain controllers are not discovered automatically, enter the domain controller name in the field provided and click Add.
7. You can leave the authentication fields empty if you're not going to use the end-user self-service features of ADSelfService Plus.
8. In the Add Domain Details window, click Add.
Getting the SSO/SAML details from ADSelfService Plus
9. Navigate to Configuration > Self-Service > Password Sync/Single Sign On.
10. In the dashboard which displays the list of applications supported by ADSelfService Plus, click Citrix ShareFile.
11. Click Download SSO Certificate located in the top-right corner of the page.
12. In the pop-up that appears, copy the Login URL and Logout URL.
13. Click Download Certificate to download the PEM file.
Configuring SSO settings in Citrix ShareFile
14. Log in to Citrix ShareFile with administrator credentials.
15. Navigate to Settings > Admin Settings > Security > Login & Security Policy.
16. Scroll down to the Single sign-on / SAML 2.0 Configuration section and copy the SP-Initiated Login URL.
17. Select Yes under Enable SAML in the Basic Settings section.
18. Paste the Login URL copied in step 12 in the Your IDP Issuer / Entity ID field.
19. Open the PEM file from step 13 in a text editor (like Notepad), and copy the entire contents of the file (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines). Paste the certificate file text in the X.509 Certificate field.
20. Paste the Login URL copied in step 12 in the Login URL field.
21. Paste the Logout URL copied in step 12 in the Logout URL field.
22. Click Save.
Adding your Citrix ShareFile domain in ADSelfService Plus and enabling SSO
23. Navigate back to ADSelfService Plus’ Citrix ShareFile configuration section (step 10).
24. Enter the name of the domain for which you have enabled SSO in the Domain Name field.
25. Provide an appropriate display name in the Display Name field.
26. Enter the SP-initiated Login URL from step 15 in the SAML Redirect URL field.
27. Provide an appropriate description in the Description field.
28. Select the policies for which SSO must be enabled in the Available Policies field.
Note: ADSelfService Plus allows you to create OU- and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy. Click Select OUs/Groups and make the selection based on your requirements. You need to select at least one self-service feature.
29. Click Save.
That’s it! Now users can log in to their Citrix ShareFile account automatically using SAML-based SSO.
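To confirm that SP-initiated logins are routed to the identity provider you configured, the following added example (not ManageEngine or Citrix code) decodes the SAMLRequest carried by the redirect and compares it with the configured values. It assumes the service provider sends its AuthnRequest using the SAML 2.0 HTTP-Redirect binding; the URLs, the function names and the sample request are placeholders constructed for illustration.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit
from xml.etree import ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Placeholders (assumptions): substitute the URLs copied during setup.
IDP_LOGIN_URL = "https://idp.example.com/sso/login"
SP_ACS_URL = "https://sp.example.com/saml/acs"

def decode_saml_request(redirect_url):
    """Decode the SAMLRequest parameter of an HTTP-Redirect binding URL."""
    query = parse_qs(urlsplit(redirect_url).query)
    if "SAMLRequest" not in query:
        raise ValueError("no SAMLRequest parameter in redirect URL")
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)     # raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, 65536)  # cap the inflated size
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized request or DTD present")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return {"destination": root.get("Destination"),
            "acs_url": root.get("AssertionConsumerServiceURL"),
            "issuer": root.findtext("{%s}Issuer" % SAML)}

def check_redirect(redirect_url, idp_login_url, acs_url):
    """Return the mismatches between the redirect and the configured values."""
    problems = []
    got, want = urlsplit(redirect_url), urlsplit(idp_login_url)
    if (got.scheme, got.netloc, got.path) != ("https", want.netloc, want.path):
        problems.append("redirect does not target the IdP Login URL over HTTPS")
    request = decode_saml_request(redirect_url)
    if request["destination"] not in (None, idp_login_url):
        problems.append("Destination differs from the IdP Login URL")
    if request["acs_url"] not in (None, acs_url):
        problems.append("AssertionConsumerServiceURL is not the expected SP endpoint")
    return problems

def build_sample_redirect(idp_url, destination, acs_url):
    """Build a constructed sample redirect (test data, not captured traffic)."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_sample1" '
           'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" Destination="%s" '
           'AssertionConsumerServiceURL="%s"><saml:Issuer>https://sp.example.com'
           '</saml:Issuer></samlp:AuthnRequest>') % (SAMLP, SAML, destination, acs_url)
    deflater = zlib.compressobj(wbits=-15)
    payload = deflater.compress(xml.encode()) + deflater.flush()
    return idp_url + "?" + urlencode({"SAMLRequest": base64.b64encode(payload).decode()})
```

To use it against a real deployment, copy the redirect URL from the browser's network tools after opening the SP-Initiated Login URL and pass it to check_redirect together with the Login URL from step 12; an empty list means the request matches the configuration.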
Benefits
- Enable Citrix ShareFile SSO for specific users: The SAML-based SSO feature can be enabled for certain users belonging to specific domains, groups, and organizational units.
- Secure SSO logins with MFA: Using the MFA feature, additional authentication methods like biometrics and time-based one-time passcodes can be implemented to protect AD credential-based logins for SSO.
- Automate Citrix ShareFile SSO access based on conditions: Using the conditional access feature, access to the SSO feature can be automatically enabled or disabled based on factors like IP address used, geolocation of access, device used, and time of access.