Egnyte - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Egnyte using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Egnyte, ensure you meet the following requirements:
- Egnyte admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Egnyte are registered in your IdP and have the necessary permissions to access Egnyte.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Egnyte - SSO configuration
Step 1 - Obtain Egnyte Metadata & Configure Multi-Pass as the Identity Provider (IdP)
- Log into Egnyte as an Administrator.
- Navigate to Settings, Configuration and select Security & Authentication.
- Under Single sign-on authentication, select SAML 2.0.
- Click Export Egnyte metadata XML and save the file locally.
- Select the correct tenant and go to Integrations, Applications and click on Add Application (SAML).
- In Multi-Pass, configure the application:
- Name = Egnyte
- Upload the Egnyte metadata XML you exported
- Save the integration
- Download the Multi-Pass IdP metadata (Tenant XML) — you will import this into Egnyte in Step 2
- Go to the advanced console
- Click on clients
- Use the search bar to look for the client you just created and verify that the different fields are completed like below :
General settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID / SP Entity ID | https://saml-auth.egnyte.com |
| Name | Egnyte |
| Description | SSO integration (SAML 2.0) |
| Always Display in UI | ON / OFF |
Access settings (Multi-Pass)
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://<DOMAIN_NAME>.egnyte.com/samlconsumer |
| IDP-Initiated SSO URL Name | <APP_NAME> |
SAML capabilities (Multi-Pass)
| Setting | Value |
|---|---|
| Name ID Format | username |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption (Multi-Pass)
| Setting | Value |
|---|---|
| Sign Documents | ON |
| Sign Assertions | ON |
- Now move to the Keys tab and make sure that both parameters are switched to OFF
- Go to the advanced tab
- Assertion Consumer Service POST Binding URL = Valid Redirect URIs (ACS) = https://<DOMAIN_NAME>.egnyte.com/samlconsumer
Step 2 - Configure Egnyte as the Service Provider (SP) & Complete the Setup
- Go back to the browser where you are log in into Egnyte as an Administrator.
- Under Identity Provider Configuration, click Import metadata XML file.
- Upload the Multi-Pass IdP metadata XML downloaded in Step 1.
- Verify the following values are populated:
- Identity provider login URL : https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/egnyte
- Certificate (IdP x.509)
- IdP Login URL (IdP SSO URL)
- IdP Entity ID
- Set Use Domain-specific issuer value to Enabled.
- Save your settings in Egnyte.
Access settings (Egnyte — expected from IdP metadata)
| Field | Value (from Multi-Pass) |
|---|---|
| Certificate | IdP x.509 certificate |
| IdP Login URL | IdP SSO URL |
| IdP Entity ID | IdP Entity ID |
| Use Domain-specific issuer value | Enabled |
Test & Rollout (within Step 2)
- In Egnyte, go to Settings,
- Users & Groups and click on Users.
- Create a new test user and set role to Power User.
- Open the user profile and change Authentication to SSO.
- Open a private/incognito window and attempt login:
- Egnyte should redirect to Multi-Pass for authentication
- After a successful login, you should be redirected back to Egnyte
- Roll out to more users once the pilot is validated. Keep a local admin available as fallback.
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Vanta - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Vanta using MPAS. SSO simplifies user authentication by allowing access to multiple ...Dynatrace - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Dynatrace using MPAS. SSO simplifies user authentication by allowing access to multiple ...Addigy - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple ...