SAML (Any Provider)
Files.com supports SP (Service Provider) initiated SSO (Single Sign-On) and integrates with the most popular SSO providers. If your identity provider is not listed by name in our list of supported SSO providers, you can use our generic SAML Service Provider application to connect your IdP with Files.com.
Identity providers that work with our SAML application include Ping Identity, Cloudflare SSO, Cisco Duo Security SSO, Google Workspace SSO, IBM Security Verify, and Rippling SSO. We work with any SSO provider that is SAML 2.0 compliant.
SAML Overview
Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties (for example, between an identity provider and a service provider).
The SAML specification defines three roles. The Principal is typically a user, though it can also be a system or application. The Identity Provider (IdP) manages and authenticates user identities; Ping Identity and Cloudflare SSO are common examples. The Service Provider (SP) is the application the user is signing in to, which in this case is Files.com. These roles define how users, identity providers, and service providers interact and what each is responsible for.
Configure SAML Application
To connect the Files.com SAML application to your identity provider, you need the information below. Users must already exist in Files.com for SAML login to work. Configure your identity provider first, then configure the Files.com application.
Configure Your Identity Provider
Set up a connection for Files.com SSO with your IdP using the values below.
| Field | Value |
|---|---|
| Single Sign On URL / Assertion Consumer Service URL / ACS URL / Service Provider SSO URL / SP SSO URL | https://app.files.com/saml/consume |
| Audience URI / SP Entity ID / SP URL / Provider ID / Metadata URL | https://app.files.com/saml/metadata |
| Default RelayState (optional) | [SUBDOMAIN].files.com (Replace [SUBDOMAIN] with your Files.com subdomain) |
| Name ID format | EmailAddress |
| Application username |
After you configure the SAML application in your IdP, your IdP will give you access to a Metadata file or a Metadata URL, which you will need for the next step. SAML metadata is an XML document containing the information needed to interact with SAML-enabled identity or service providers, including endpoint URLs, supported bindings, identifiers, and public keys.
Configure Files.com SAML Application
Select SAML (Other Provider) from the SSO providers list. If you have a Metadata URL or an XML file from your IdP, enter it into the form and click Save.
To connect using a Certificate Fingerprint instead, get the Issuer URL, SLO endpoint, and SSO endpoint from your IdP, and download the certificate from your IdP. After the certificate is on your local machine, run the following command in a terminal to obtain its fingerprint.
openssl x509 -in [your_cert_file] -noout -sha256 -fingerprint
In Files.com, select the Certificate Fingerprint option and paste the fingerprint from the command above. Paste the Issuer URL you copied from your IdP. You can use the same URL for the SLO endpoint and the SSO endpoint. Click Save to save your configuration.
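The Issuer URL, SSO endpoint, SLO endpoint, and signing certificate that the Certificate Fingerprint option asks for are all carried in the IdP's SAML metadata. The Python script below is an added example, not Files.com code: it reads those values from a metadata document and computes the certificate fingerprint in the same format as the openssl command above, so the two can be cross-checked before you paste anything. The function names, the idp.example.com URLs, and the sample metadata are constructed for illustration, and the script assumes the metadata root is a single EntityDescriptor.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata. The certificate body "YWJj" is a placeholder
# (base64 of b"abc"), not a real X.509 certificate.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>YWJj</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.com/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def fingerprint(cert_b64):
    """SHA-256 over the certificate's DER bytes, colon-separated like openssl prints it."""
    der = base64.b64decode("".join(cert_b64.split()))
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp):
    """Drop openssl's 'Fingerprint=' prefix, colons and case so two copies compare equal."""
    return fp.split("=")[-1].replace(":", "").strip().lower()

def idp_settings(metadata_xml):
    """Return the issuer, endpoints and signing-certificate fingerprints from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor element")
    def location(tag):
        el = idp.find(f"md:{tag}", NS)
        return el.get("Location") if el is not None else None
    # Encryption-only keys are skipped; a KeyDescriptor without "use" covers signing too.
    fps = [
        fingerprint(c.text)
        for kd in idp.findall("md:KeyDescriptor", NS)
        if kd.get("use") in (None, "signing")
        for c in kd.iterfind(".//ds:X509Certificate", NS) if c.text
    ]
    return {"issuer": root.get("entityID"), "sso": location("SingleSignOnService"),
            "slo": location("SingleLogoutService"), "fingerprints": fps}

if __name__ == "__main__":
    for key, value in idp_settings(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

If the metadata lists more than one signing certificate, the IdP is usually in the middle of a key rotation, so confirm with the IdP which certificate is active before choosing a fingerprint.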
The generic SAML authentication method is now available when assigning an authentication method for a user in Files.com, and the Sign in with SAML (Other Provider) button appears on your site's login page. Single sign-on authentication only works with browser-based sessions or with the Files.com Desktop App.
We strongly recommend keeping at least one site administrator on password authentication rather than assigning every administrator to SSO. This prevents lockout from Files.com during an IdP or SSO outage.
SCIM Provisioning
Files.com supports SCIM provisioning with popular identity providers that have SAML-based integrations, and with the generic SAML integration when your IdP supports SCIM. See the SCIM Provisioning page for details.