Egnyte

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) and user provisioning for Egnyte.

About Egnyte

Egnyte provides software for enterprise file synchronization and sharing. The technology can store files in a company’s existing data center as well as in cloud storage.

After integrating Egnyte with Oracle Identity Cloud Service:

  • Users can access Egnyte using their Oracle Identity Cloud Service login credentials.
  • Users can launch Egnyte using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the Egnyte app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • An Egnyte account with authorization rights to configure federated authentication and user provisioning.
  • Make sure that the User Name of each user in Egnyte matches the User Name of the Oracle Identity Cloud Service account.
  • Ensure that the user name of each user account to be provisioned in Egnyte from Oracle Identity Cloud Service is in user name format.
  • Identity Provider metadata. Use the following URL to access the metadata, and save the metadata in a text file: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata. Use this file later to obtain the identity provider certificate in the "Obtaining the Identity Provider Certificate" section.
  • The (your company name) value that you specified while creating an account with Egnyte. This value is used as the Domain Name value while configuring Egnyte in Oracle Identity Cloud Service. For more information, see the "Registering and Activating the Egnyte App" section.

Obtaining the Identity Provider Certificate

Use this section to obtain the Identity Provider Certificate in a format that is suitable for Egnyte.

  1. Use the following URL to access the identity provider metadata: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata.

  2. In the metadata file, locate the dsig:X509Certificate tags.

  3. Copy the content between the dsig:X509Certificate tags into a text file. This content is the Oracle Identity Cloud Service signing certificate.

    [Figure: metadata content with the md:IDPSSODescriptor and dsig:X509Certificate tags highlighted.]

    Tip: Use this certificate later during Egnyte configuration in the "Configuring SSO for Egnyte" section.

Configuring SSO for Egnyte

  1. Access Egnyte as an administrator using the URL: https://<Domain_Name>.egnyte.com. The Shared page appears.

    Note: This is the domain name value that you obtained while performing the steps in the "What Do You Need?" section.

  2. In the upper-right corner, click the menu icon, and then select Settings from the drop-down list. The Configuration tab displays the Configuration Settings page.

  3. In the left navigation menu, select Security & Authentication.

  4. Locate the Single Sign-on Authentication section, use the table to update the federated authentication attributes, and then click Save.

    Attribute: Value

    Single sign-on authentication: Select SAML 2.0 from the drop-down list.

    Identity provider: Select Generic HTTP POST from the drop-down list.

    Identity provider login URL: Enter the Sign-in URL/SSO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso.

    Identity provider entity ID: Enter the Entity ID/Issuer URL. Use the metadata file that you downloaded earlier to obtain the Entity ID/Issuer URL. The Entity ID/Issuer URL information is located in the first line of the metadata. See the "What Do You Need?" section.

    Identity provider certificate: Paste the identity provider certificate content that you obtained earlier by performing the steps in the "Obtaining the Identity Provider Certificate" section.

    Note: Enabling SSO deactivates the ability to log in using the user name and password for the federated users.
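Added example (not part of the Oracle documentation): a Python script that reads the saved metadata file and returns the entity ID, login URL and signing certificate content that the Egnyte form asks for, plus a SHA-256 fingerprint of the certificate for later comparison. The sample metadata, the host name idcs-example and the certificate bytes are constructed placeholders, and the function name is hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: host name and "certificate" bytes are placeholders, not real values.
SAMPLE_DER = bytes(range(90))
_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:dsig="{NS['dsig']}" entityID="https://idcs-example.identity.oraclecloud.com/fed">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><dsig:KeyInfo><dsig:X509Data>
      <dsig:X509Certificate>{_B64[:64]}
{_B64[64:]}</dsig:X509Certificate>
    </dsig:X509Data></dsig:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idcs-example.identity.oraclecloud.com/fed/v1/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def egnyte_sso_values(metadata_xml):
    """Return the values for the Egnyte SSO form from IdP metadata text."""
    # SAML metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("SAML metadata must not contain a DTD")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no md:IDPSSODescriptor in metadata")
    # Only keys under IDPSSODescriptor count; a KeyDescriptor with no
    # "use" attribute applies to signing as well.
    certs = [kd.findtext(".//dsig:X509Certificate", "", NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")]
    certs = ["".join(c.split()) for c in certs if c.strip()]
    if len(certs) != 1:  # conservative: stop and review by hand otherwise
        raise ValueError(f"expected one signing certificate, found {len(certs)}")
    der = base64.b64decode(certs[0], validate=True)
    urls = {s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if len(urls) != 1:
        raise ValueError(f"expected one SSO endpoint, found {len(urls)}")
    return {"entity_id": root.get("entityID"),
            "login_url": urls.pop(),
            "certificate": certs[0],
            "sha256": hashlib.sha256(der).hexdigest()}

if __name__ == "__main__":
    print(egnyte_sso_values(SAMPLE_METADATA))
```

Recording the fingerprint at setup time gives you a value to compare against if the certificate in the metadata is ever replaced.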

Registering an Application and Obtaining API Key in the Egnyte for Developers Portal

  1. In another tab, access the Egnyte developers account using the following URL: https://developers.egnyte.com/. The Egnyte for Developers sign in page appears.

  2. In the upper-right corner, click REGISTER. The Register for an account page appears.

  3. Under the REGISTER A NEW MASHERY ID TO ACCESS DEVELOPERS.EGNYTE.COM section, fill in the required information.

  4. Locate the REGISTER YOUR NEW APPLICATION section, and then use the table to update the federated authentication attributes.

    Attribute: Value

    Name of your application (you can change it later): Enter your application name.

    Type: Internal Application (own company use only).

    Current User Base: Select an option from the drop-down list according to your application.

    Platform: Select Web App from the drop-down list.

    Egnyte domain you will use for testing: Enter your Egnyte Domain name that you obtained while performing the steps in the "What Do You Need?" section.

  5. Under the TERMS OF SERVICE section, select the I have read and agree to the Egnyte API Terms of Service check box.

  6. Click REGISTER. The Registration Almost Complete page appears.

    Note: A confirmation link is sent to the email address entered in the registration form. By clicking the link, users can successfully register their Egnyte for developers account.

    After the registration, the API Key is displayed in the developers portal, and is sent to the user through an email. Initially, the API Key is in waiting status. After the Egnyte support team's approval, the API Key's status is changed to active. Subsequently, the user receives an email confirmation of the approval.

    Use this approved API Key while enabling user provisioning for the Egnyte app in Oracle Identity Cloud Service. See the "Enabling Provisioning" section.

Configuring Egnyte in Oracle Identity Cloud Service

Use this section to register and activate Egnyte, and to enable provisioning and synchronization for Egnyte.

Registering and Activating the Egnyte App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Egnyte, and then click Add.

  4. In the App Details section, enter your Egnyte Domain Name, and then click Next.

    Note: This is the domain name value that you obtained while performing the steps in the "What Do You Need?" section.

  5. Click Next to enable provisioning and synchronization for Egnyte. Oracle Identity Cloud Service displays the Provisioning page.

Enabling Provisioning and Synchronization for Egnyte

Use this section to enable provisioning and synchronization for managing user accounts in Egnyte through Oracle Identity Cloud Service.

Enabling Provisioning

  1. On the Provisioning page, select Enable Provisioning.

  2. Under the Configure Connectivity section, enter the API Key.

    Note: This is the API Key value that you obtained while performing the steps in the "Registering an Application and Obtaining API Key in the Egnyte for Developers Portal" section.

  3. Enter the Egnyte administrator Username and Password.

  4. Click Test Connectivity. A success message is displayed stating that the connection is successful.

  5. To view predefined attribute mappings between the user account fields defined in Egnyte and the corresponding fields defined in Oracle Identity Cloud Service, click Attribute Mapping, and then click OK.

    Note: To add a new attribute for provisioning, click Add Row, specify the attributes in the User and Egnyte Account columns, and then click OK. For example, if you want to add the External ID field, enter $(user.externalId) in the User column, and then select the corresponding field from the drop-down list in the Egnyte Account column.

  6. Specify the provisioning operations that you want to enable for Egnyte:

    Note: By default, the Create Account, Update Account, De-activate Account and Delete Account check boxes are selected.

    Create Account: Automatically creates an Egnyte account when Egnyte access is granted to the corresponding user in Oracle Identity Cloud Service.

    Note: Make sure that you select the attribute sso from the Authentication Type drop-down list while creating users for Egnyte app in Oracle Identity Cloud Service to enable single sign-on.

    Update Account: Automatically updates an Egnyte account when the corresponding user account is edited in Oracle Identity Cloud Service.

    De-activate Account: Automatically deactivates or activates an Egnyte account when the Egnyte access is deactivated or activated for the corresponding user in Oracle Identity Cloud Service.

    Delete Account: Automatically removes an account from Egnyte when Egnyte access is revoked from the corresponding user in Oracle Identity Cloud Service.

Enabling Synchronization

  1. On the Provisioning page, select Enable Synchronization.

  2. From the User Identifier drop-down list, select the Oracle Identity Cloud Service user attribute that you want to match with the corresponding record fetched from Egnyte:

    Note: By default, the User Name option is selected from the drop-down list. It is recommended to leave this default attribute for accurate synchronization of user records.

    Primary Email Address: Primary email address of the Oracle Identity Cloud Service user.

    User Name: User name of the Oracle Identity Cloud Service user.

  3. To match an Egnyte account attribute with the existing Oracle Identity Cloud Service user, select an attribute from the Application Identifier drop-down list.

    Note: By default, the Email option is selected that represents the Email attribute of the Egnyte account. It is recommended not to change this default option.

  4. From the When exact match is found drop-down list, select one of the following actions to be performed when a matching Oracle Identity Cloud Service user is found for an account:

    Link and confirm: Automatically links and confirms the matched account to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields. 

    Link but do not confirm: Automatically links all the matched accounts to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields. You need to manually confirm the linked accounts. 

  5. In the Max. number of creates field, enter a number that is greater than or equal to 10. This value limits the number of accounts to be created during the synchronization run.

  6. In the Max. number of deletes field, enter a number that is greater than or equal to 10. This value limits the number of accounts to be deleted during the synchronization run.

    After enabling provisioning and synchronization for Egnyte, you can synchronize the existing account details from Egnyte and link them to the corresponding Oracle Identity Cloud Service users. For more information on performing synchronization tasks, see the Importing User Accounts from a Software as a Service Application section in Administering Oracle Identity Cloud Service.

    You can also manage Egnyte accounts through Oracle Identity Cloud Service. For more information on performing provisioning tasks, see the Managing Oracle Identity Cloud Service Users and Managing Oracle Identity Cloud Service Groups sections in Administering Oracle Identity Cloud Service.

  7. Click Finish, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the Egnyte app. Oracle Identity Cloud Service displays a shortcut to Egnyte under My Apps.

  3. Click Egnyte. The Shared page appears.

    Note: When the user accesses Egnyte for the first time, the user receives a confirmation email. Use the email link to confirm or click Remind me tomorrow, and then keep clicking Next until the end of the pop-ups.

  4. In the upper-right corner of the header menu, click the user icon and then confirm that the user that is logged in is the same for both Egnyte and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Egnyte displays the message, "No results found for idp_userid=<Email_address>"

Cause: When the user accounts are synchronized, the user account imported from Egnyte is linked to an incorrect user account in Oracle Identity Cloud Service.

Solution: Ensure that the imported user account is linked to the correct user under the Egnyte app in the Oracle Identity Cloud Service. For more information on activating the user account for Egnyte, see the "Enabling Synchronization" section.

Egnyte displays the message, "User is not a valid SSO user"

Cause: The user account assigned to Egnyte is deactivated in Egnyte under the Users page, and the user attempts to initiate single sign-on.

Solution: Ensure that the user account is activated under the Users page in the Egnyte app.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service Egnyte app and Egnyte is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select Egnyte.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the Egnyte app using Oracle Identity Cloud Service.

Solution 2:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select Egnyte.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.