Setting up Single Sign-On with Azure AD

Files.com supports Single Sign-On with Microsoft Azure using either SAML or OAuth. If you don’t know which method to use, we recommend using the SAML method for integrating with Microsoft Azure.

To enable and configure the Microsoft Azure AD (Active Directory) Single Sign-On (SSO) feature, you will need three things:

  1. A Files.com plan that supports the Azure AD SSO feature
  2. Administrator access to your Files.com site
  3. Administrator access to your Azure portal

Azure SSO via SAML

Adding Files.com in Azure AD

After logging in to your Azure portal as an administrator, navigate to Azure Active Directory > Enterprise applications, and click the New application button.

Click Non-gallery application.

Enter Files.com in the Name field and click the Add button.

Under Getting Started, click Set up single sign on.

Under Select a single sign-on method, click SAML.

In the Basic SAML Configuration box, click the Edit (pencil) icon.

Complete the form using the following values (leave other fields at their defaults):

Identifier (Entity ID): https://app.files.com/saml/metadata
Reply URL (Assertion Consumer Service URL): https://app.files.com/saml/consume
Relay State: SUBDOMAIN.files.com

(Replace SUBDOMAIN with your Files.com subdomain.)

Click the Save button to apply the changes.

Lastly, copy the App Federation Metadata Url in the SAML Signing Certificate box. You will need this URL when adding Azure in Files.com.

Adding Azure AD in Files.com

After logging in to your Files.com account as an administrator, navigate to Settings > Authentication > SSO Providers, and click the Add provider button. Click to select the Microsoft provider.

In the Add provider form, select the Use SAML option, and paste the App Federation Metadata Url you copied from Azure into the Metadata URL for the SAML identity provider field.

Lastly, click the Save button to apply the change.

The Azure SSO method will now be available when assigning an authentication method for a user in Files.com, and the Sign in with Microsoft button will be displayed on your site’s login page.
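The metadata URL pasted into Files.com decides which identity provider and signing certificate will be trusted, so it is worth checking first. The following is an added example, not code from Files.com or Microsoft: it assumes the Azure commercial cloud host login.microsoftonline.com, and the tenant ID, certificate bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
EXPECTED_HOST = "login.microsoftonline.com"  # assumption: Azure commercial cloud
CERT_PATH = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
# Constructed sample: placeholder tenant ID and a fake certificate body.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT_DER = b"constructed bytes, not a real certificate"
SAMPLE_URL = f"https://{EXPECTED_HOST}/{TENANT}/federationmetadata/2007-06/federationmetadata.xml"
SAMPLE_XML = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://{EXPECTED_HOST}/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_metadata_url(url):
    """Problems with the metadata URL before it is pasted into Files.com."""
    u, problems = urlparse(url), []
    if u.scheme != "https":
        problems.append("metadata URL is not https")
    if u.hostname != EXPECTED_HOST:  # exact match, so lookalike hosts are rejected
        problems.append(f"unexpected metadata host: {u.hostname}")
    return problems

def summarize_idp_metadata(xml_text):
    """What a service provider would trust from this IdP metadata document."""
    # For documents fetched over the network, prefer a hardened XML parser.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not SAML IdP metadata")
    certs = ["".join((c.text or "").split()) for c in idp.findall(CERT_PATH, NS)]
    sso = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    problems = [] if certs else ["no signing certificate"]
    problems += [f"non-https SSO endpoint: {x}" for x in sso if not x.startswith("https://")]
    return {"entity_id": root.get("entityID"), "sso_locations": sso,
            # Windows-style thumbprint: SHA-1 over the DER bytes, upper-case hex.
            "thumbprints": [hashlib.sha1(base64.b64decode(c)).hexdigest().upper() for c in certs],
            "problems": problems}

if __name__ == "__main__":
    print(check_metadata_url(SAMPLE_URL), summarize_idp_metadata(SAMPLE_XML))
```

The reported thumbprint can be compared with the certificate listed in the SAML Signing Certificate box in Azure.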

Azure SSO via OAuth

Adding Files.com in Azure AD

After logging in to your Azure portal as an administrator, navigate to Azure Active Directory > App registrations and click the New registration button.

In the registration form, enter Files.com in the Name field, and enter the following URL in the Redirect URI field:

https://app.files.com/login_from_oauth?provider=azure

Click the Register button to complete the registration.

Next, copy both the Application (client) ID and Directory (tenant) ID by clicking the copy icon that appears when hovering your cursor over them, and make a note of these by pasting them into a text/document editor.

Next, to generate a client secret, click Certificates & secrets, and click the New client secret button.

In the dialog that appears, enter a Description and select the Expires option according to your preference.

Click the Add button to generate your client secret. Then use the copy icon next to the generated secret to copy it, and make a note of it along with your previously copied client and tenant IDs.

Adding Azure AD in Files.com

After logging in to your Files.com account as an administrator, navigate to Settings > Authentication > SSO Providers, and click the Add provider button. Click to select the Microsoft provider.

In the Add provider form:

  • Paste your Directory (tenant) ID copied from Azure into the Tenant ID field.
  • Paste your Application (client) ID copied from Azure into the Client ID field.
  • Paste your Client secret copied from Azure into the Client Secret field.

Lastly, click the Save button to apply the change.

The Azure SSO method will now be available when assigning an authentication method for a user in Files.com, and the Sign in with Microsoft button will be displayed on your site’s login page.