Introduction
This guide provides information on how to:
- Set up Beyond Identity as a passwordless authentication solution for your Egnyte environment.
- Set up Egnyte to use Beyond Identity as an Identity Provider.
Prerequisites
Ensure that you have the following:
- An Egnyte account with “Administrator” privileges
- “SAML 2.0” enabled for the account
- Contact Egnyte if the account is not enabled for SAML 2.0.
Beyond Identity Configuration
Information to provide to the Beyond Identity Field Team:
Your Company Name | |
Your Egnyte Instance URL, e.g. https://[your-domain].egnyte.com | |
(Optional) A logo for your corporation. Logo requirements: 300 x 150 pixels or less; file size of 10kb or less; file types accepted: SVG, PNG, JPG, or GIF | |
Information you will receive from the Beyond Identity Field Team
Beyond Identity Org ID | [From Beyond Identity SE] |
Egnyte Configuration
To configure Beyond Identity as the IdP in Egnyte, follow the steps below. Once these steps are taken, you will be ready to enable Beyond Identity for test users.
Configure Beyond Identity as the Identity Provider
This configuration starts in the Egnyte Admin UI. Midway through, you switch to the Beyond Identity Admin Console to complete the configuration there, then return to Egnyte to finish the configuration:
1. Log into your Egnyte administrator account through the Web UI <yourdomain.egnyte.com>.
2. Navigate to "Settings" -> (1) Configuration -> (2) "Security & Authentication" -> scroll all the way down to find "Single Sign-on Authentication".
3. Select "SAML (SSO)" in the dropdown menu.
4. Identity Provider (IdP) Name: Choose “Generic HTTP Redirect” in the dropdown.
5. Click on the “Export Egnyte metadata XML” link.
6. This will download the “Egnyte_SAML_metadata.xml” file on your computer.
7. Now log in to the Beyond Identity Admin Console. Once logged in, click on the “Integrations” tab, click on “SAML” and then click on “Add SAML Connection”.
8. Click on “Upload XML” and choose “Egnyte_SAML_metadata.xml”. This will populate all the required fields.
9. Click on “Save Changes”.
10. Note down the following fields from the recently created SAML Connection. These will be required in the next step.
a. IdP Single Sign-On URL: https://auth.byndid.com/saml/v0/<BI-Connection-ID>/sso
b. IdP Issuer: https://auth.byndid.com/saml/v0/<BI-Connection-ID>/sso/metadata.xml
c. Download IdP Signature Certificate
11. Now, go back to the Egnyte Admin UI and finish the SAML Configuration.
a. IdP Login URL: SAML 2.0 Endpoint URL
b. IdP entity ID: SAML Issuer Login URL
c. SAML Certificate: Certificate
12. Click on Save.
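A pre-flight check for the values exchanged in steps 5 to 11, given as an added example and not code from Beyond Identity or Egnyte. The sample metadata is constructed (the `example.egnyte.com` domain and the ACS path are placeholders), and the function names are hypothetical; only the `auth.byndid.com` URL pattern comes from step 10.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample standing in for Egnyte_SAML_metadata.xml; the domain and
# ACS path are placeholders, not values taken from a real Egnyte export.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://example.egnyte.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.egnyte.com/placeholder/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_host):
    """Return (entity_id, acs_urls, problems) for an SP metadata document."""
    root = ET.fromstring(xml_text)
    problems = []
    entity_id = root.get("entityID", "")
    acs_urls = [e.get("Location", "") for e in root.iter(MD + "AssertionConsumerService")]
    if not acs_urls:
        problems.append("no AssertionConsumerService endpoint")
    for url in acs_urls:
        u = urlparse(url)
        if u.scheme != "https":
            problems.append(f"ACS not HTTPS: {url}")
        if u.hostname != expected_host:
            problems.append(f"ACS host is not {expected_host}: {url}")
    return entity_id, acs_urls, problems


def check_idp_values(sso_url, issuer):
    """Check the step 10 values against the URL pattern shown in that step."""
    problems = []
    sso = urlparse(sso_url)
    if sso.scheme != "https" or sso.hostname != "auth.byndid.com":
        problems.append("SSO URL is not https://auth.byndid.com/...")
    parts = sso.path.strip("/").split("/")
    if len(parts) != 4 or parts[:2] != ["saml", "v0"] or parts[3] != "sso":
        problems.append("SSO URL path is not /saml/v0/<id>/sso")
    if issuer != sso_url + "/metadata.xml":
        problems.append("issuer and SSO URL refer to different connections")
    return problems
```

Run `check_sp_metadata` on the exported file before uploading it in step 8, and `check_idp_values` on the two URLs from step 10 before pasting them into Egnyte in step 11; an empty problem list means the endpoints are HTTPS, point at your tenant, and belong to the same SAML connection.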
Setting up test users
User Enrollment
- Until SCIM support is added, enrolling a user in the Beyond Identity experience requires creating the user in both Egnyte and Beyond Identity.
First, go to the Egnyte Admin UI and create a new user or modify an existing user to use SSO.
- Click on Users & Groups
- Add a New Account or Select an existing account by clicking Details at the end of the user’s entry. Only Power Users and Administrators can be enabled for SSO.
- Click on Profile
- Select Authentication Method as “SSO”
- Enter IdP Username
- Click Save.
Now, go to the Beyond Identity Admin Console and create a new user.
- Click on Users
- Click on Add User
- Enter External ID, Email, Username and Display Name
- Click Save Changes.
This triggers the enrollment process for the user.
- Enrolled users will receive an email from Beyond Identity welcoming them to the new Identity Provider.
- Each enrolled user will be asked to follow the two steps below:
- Step 1: Download the Beyond Identity Authenticator to their device.
- When the user clicks “View Download Options”, the Beyond Identity Authenticator downloads page will open in a browser with all supported platforms displayed. The user should download and install the Beyond Identity Authenticator on their device if they have not already.
- Now that the user has the Authenticator installed on their device, they should proceed to Step 2 as there is not yet a user credential associated with the Authenticator on that device.
- Step 2: Register their Credential in the Beyond Identity IdP.
- By clicking on Step 2 “Register New Credential”, the user’s credential will get enrolled in the Beyond Identity service on the back end. On the front end, users who click Step 2 will be taken to the Beyond Identity Authenticator where they will see the progress of their credential registration. Once completed, the user will see the credentials in the Authenticator.
User Authentication (Signing in)
- Each enrolled user can visit their Egnyte instance to sign into their Egnyte application.
- The Egnyte application will ask the user to enter their username.
- Once the username is submitted, a prompt to use or open the Beyond Identity app for authentication will display for the user.
- The user should click affirmatively on the prompt to be signed into their application, without the use of a password. The Beyond Identity app along with a success notification will display.
- Note: For iOS devices, some application sign-in processes will ask the user to exit out of the Beyond Identity Authenticator to return to their app after successful authentication.
User Deprovisioning
- To deprovision a user from the Beyond Identity experience, delete the user from the Beyond Identity Admin Console and go to the Egnyte Admin UI and change the user’s profile.
- Click on Users & Groups
- Select an existing account by clicking Details at the end of the user’s entry.
- Click on Profile
- Select Authentication Method as “Egnyte”
- Click Save.