SAML (Any Provider)
Files.com supports SP (Service Provider) initiated SSO flow securely and integrates with the most popular SSO providers. If your identity provider is not listed by name in our list of supported SSO providers, you can use our generic SAML Service Provider application to connect your IdP with Files.com. Some examples of identity providers where you can use our SAML application are: Ping Identity, Cloudflare SSO, Cisco Duo Security SSO, Google Workspace SSO, Rippling SSO, etc. We are able to work with any SSO provider that is SAML 2.0 compliant.
Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties (for example, between an identity provider and a service provider).
The SAML specification defines three roles:
- Principal: Typically a user (in some cases, it can be a system or application also)
- IdP: The identity provider (your identity provider such as Ping Identity or Cloudflare SSO etc.)
- SP: The service provider (in this case it is Files.com application)
To configure the Files.com SAML application to connect to your identity provider, you need the below information to set up your connection. Users must already exist in Files.com for SAML login. You need to configure your Identity provider first and then configure the Files.com application.
The first step is to set up a connection for Files.com SSO with your IdP. You need below information to configure the SAML application in your IdP.
- Single Sign On URL or Assertion Consumer Service URL or ACS URL: https://app.files.com/saml/consume
- Audience URI or SP Entity ID or SP URL: https://app.files.com/saml/metadata
- Default RelayState: [SUBDOMAIN].files.com (Replace SUBDOMAIN with your Files.com subdomain)
- Name ID format: EmailAddress
- Application username: Email
Once you have configured the SAML application in your IdP with the above information, you will get access to a Metadata file and/or a Metadata URL from your IdP that will need for the next step. SAML metadata is an XML document which contains information necessary for interaction with SAML-enabled identity or service providers. This metadata document contains information such as URLs of endpoints, information about supported bindings, identifiers and public keys.
Once you have the Metadata information from your IdP, login as a site administrator at Files.com and go to Settings -> Integrations -> SSO. Click on Add Provider and select SAML (Other Provider). If you have a Metadata URL or a XML file from your IdP, enter it in to the form and click Save.
If you require to use Certificate Fingerprint to connect, get the Issuer URL, SLO endpoint and SSO endpoint from your IdP. Also, download the certificate from your IdP. Once the Certificate is downloaded on your local machine, run the following command using terminal to obtain the Certificate's Fingerprint
'openssl x509 -in [your_cert_file] -noout -sha256 -fingerprint'
In Files.com, select the "Certificate Fingerprint" option and paste the fingerprint you obtained from the above command. Paste the Issuer URL you copied from your IdP. You can use the same URL for the SLO endpoint and for the SSO endpoint. Click on Save to save your configuration.
The generic SAML authentication method will now be available when assigning an authentication method for a user in Files.com, and the Sign in with SAML (Other Provider) button will be displayed on your site's login page.
Get Instant Access to Files.com
The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.Start My Free Trial