Okta SSO


Files.com supports Single Sign-On with Okta using either SAML or OpenID Connect. We recommend using SAML if possible, because it is a more robust integration technology that supports more use cases. Both sets of instructions are presented here.

Okta SSO via SAML

Adding Files.com in Okta via SAML

After logging in to your Okta account as an administrator, navigate to Applications and click the Create App Integration button.

From the "Create a new app integration" window, select SAML 2.0 as the Sign-in method and click Next.

In the form, enter Files.com in the App name field and click Next.

Complete the form using the following values (leave other fields at their defaults):

  • Single Sign On URL: https://app.files.com/saml/consume
  • Audience URI (SP Entity ID): https://app.files.com/saml/metadata
  • Default RelayState: [SUBDOMAIN].files.com (Replace SUBDOMAIN with your Files.com subdomain).
  • Name ID format: EmailAddress
  • Application username: Email

Then click Next, choose "I'm an Okta customer adding an internal app" (leave other fields at their defaults), and click Finish.

On the App details Sign On page, copy the Identity Provider metadata URL by right-clicking (or CTRL-clicking) the link and selecting Copy link address. You will need this URL when adding Okta in Files.com.

Adding Okta in Files.com via SAML

After logging in to your Files.com account as an administrator, navigate to Settings > Users > User Settings > SSO Providers, and click the Add provider button. Click to select the Okta provider.

There are three different ways you can connect to the SAML provider:

Using Metadata URL

In the Add provider form, select the Use SAML option, and paste the Identity Provider metadata URL you copied from Okta into the Metadata URL field.

Using Metadata XML file

If you need to use a metadata XML file to connect to Okta via SAML, save the content of the Identity Provider metadata URL to an XML file as an Okta administrator. In Files.com, select the Metadata XML file option and select the XML file you saved from Okta.

Using Certificate Fingerprint

If you need to use a Certificate Fingerprint to connect to Okta via SAML, download the certificate from the Okta application dashboard. To get the certificate and issuer URL, go to the application you created in Okta and click on Sign On > View Setup Instructions. Once the certificate is downloaded to your local machine, run the following command in a terminal to obtain the certificate's fingerprint:

  • 'openssl x509 -in [your_cert_file] -noout -sha256 -fingerprint'

In Files.com, select the "Certificate Fingerprint" option and paste the fingerprint you obtained from the above command. Also, paste the Issuer URL you copied from Okta. You can also use the same URL for the SLO endpoint and the SSO endpoint.
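The following is an added example, not part of the Files.com or Okta documentation: a Python check that the certificate you downloaded is the signing certificate published in the saved Identity Provider metadata XML, and that the fingerprint you are about to paste belongs to it. The function names, the `https://idp.example/issuer` entity ID and the sample certificate bytes are constructed for illustration.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def fingerprint(der):
    """SHA-256 of the DER bytes as colon-separated upper-case hex, the layout openssl prints."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def pem_to_der(pem):
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def metadata_signing_certs(xml_text):
    """Return (entityID, fingerprints of every signing certificate) from IdP metadata."""
    root = ET.fromstring(xml_text)
    fps = []
    for kd in root.iter(MD + "KeyDescriptor"):
        if kd.get("use", "signing") == "signing":   # no 'use' attribute means any use
            for c in kd.iter(DS + "X509Certificate"):
                fps.append(fingerprint(base64.b64decode("".join((c.text or "").split()))))
    return root.get("entityID"), fps

def check(xml_text, pem, pasted):
    """Compare the downloaded certificate with the metadata and with the pasted fingerprint."""
    issuer, fps = metadata_signing_certs(xml_text)
    downloaded = fingerprint(pem_to_der(pem))
    pasted = pasted.split("=")[-1].strip().upper()   # drop openssl's "... Fingerprint=" prefix
    return {"issuer": issuer, "cert_in_metadata": downloaded in fps,
            "pasted_matches": pasted == downloaded}

# Constructed sample input: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example/issuer">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check(SAMPLE_METADATA, SAMPLE_PEM, "sha256 Fingerprint=" + fingerprint(SAMPLE_DER)))
```

The `issuer` value returned from the metadata is the entityID to compare against the Issuer URL you paste into Files.com.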

Lastly, click the Save button to apply the changes.

The Okta SSO method will now be available when assigning an authentication method for a user in Files.com, and the Sign in with Okta button will be displayed on your site's login page.

Okta SSO via OAuth or OpenID Connect

Adding Files.com in Okta

After logging in to your Okta account as an administrator, navigate to Applications and click the Create App Integration button.

Select OIDC - OpenID Connect as the sign-in method, select Web Application as the Application type, and then click the Next button.

In the form, enter Files.com in the App Integration Name field, and enter the following URL in the Sign-in redirect URIs field:

https://app.files.com/login_from_oauth?provider=okta

You can use the same URL for Sign-out redirect URIs.

Click the Save button to finish adding the application. In the integration summary page, find the Client Credentials box. Click the clipboard icon next to the Client ID to copy it. Keep this browser tab open, as you'll be returning here to copy the Client secret later.

Adding Okta in Files.com

After logging in to your Files.com account as an administrator, navigate to Settings > Users > User Settings > SSO Providers, and click the Add provider button. Click to select the Okta provider and select Use OAuth.

In the Add provider form, enter your Okta subdomain into the Subdomain field, and paste the Client ID you copied in the previous step into the Client ID field.

Back in Okta, click the clipboard icon next to the Client secret to copy it, and paste it into the Client secret field in Files.com.

Lastly, click the Save button to apply the change.

The Okta SSO method will now be available when assigning an authentication method for a user in Files.com, and the Sign in with Okta button will be displayed on your site's login page.

Provisioning Users Automatically

There are two ways to automatically provision users via Okta.

SCIM Provisioning

SCIM Provisioning is a standard that allows your Users to be automatically provisioned in Files.com from Okta.

First, you'll need to select the "SCIM" provisioning method in Okta at Applications > Files.com > App Settings > Provisioning.

Then use the following settings in Okta at Applications > Files.com > Provisioning > SCIM Connection:

  • SCIM connector base URL: https://app.files.com/api/scim
  • Unique identifier field for users: email
  • Supported provisioning actions: (check all)
  • Authentication Mode: Basic Auth
  • Basic Auth Username and Password: (Enter a username and password of your choosing)

The username and password entered for Basic Auth will also need to be added as the SCIM username and password in Files.com at Settings > Users > User Settings > SSO Providers > Okta (Set Enable automatic user provisioning via SCIM? to "Basic" in Files.com if it's not already).

Lastly, in Okta at Applications > Files.com > Provisioning > To App, ensure that the following are set:

  • Create Users: (checked)
  • Update User Attributes: (checked)
  • Deactivate Users: (checked)

After setting the above, your Okta users assigned to the Files.com application in Okta will be provisioned to Files.com and should be able to log in to Files.com via SSO.

Just-In-Time (JIT) Provisioning

JIT Provisioning works by creating user records on Files.com upon their first successful login. This method is easier than SCIM, but it is somewhat limited. Files.com will automatically use Just-In-Time (JIT) Provisioning if you don't set up SCIM.
