Integration of Citrix ShareFile with DoubleClue using SAML

1. Introduction

This guide is intended for users of Citrix ShareFile who would like their employees to log into Citrix ShareFile via DoubleClue Multi-Factor Authentication (MFA) using SAML 2.0. For more information on this product, please visit https://www.citrix.com/products/sharefile/.

Requirements:

  • Citrix ShareFile account with already registered employees.
  • DoubleClue Enterprise Management (DCEM) installation with already registered users whose email addresses match those of the employees.

2. Preparing DCEM to be an Identity Provider

In order to prepare DCEM to be an Identity Provider, please see chapter 12 of “DCEM_Manual_EN.pdf”.

3. Setting up Citrix ShareFile

Log into your administration account on Citrix ShareFile.

Go to “Settings” > “Admin Settings” > “Security” > “Login & Security Policy”.

Scroll down to “Single sign-on / SAML 2.0 Configuration”.

  1. Enable SAML: Yes.
  2. Sharefile Issuer / EntityID: Leave as is.
  3. Your IDP Issuer / EntityID: Copy the value you entered for “IdP EntityID” during SAML setup (see chapter 12.1.3 of “DCEM_Manual_EN.pdf”).
  4. X.509 Certificate: Click “Change”. Copy the contents of the Certificate file you downloaded during SAML setup (see chapter 12.1.4 of “DCEM_Manual_EN.pdf”).
  5. Login URL: Copy the SSO Domain you entered during SAML setup (see chapter 12.1.3 of “DCEM_Manual_EN.pdf”) and add /dcem/saml to it.
  6. Logout URL: Copy the SSO Domain you entered during SAML setup (see chapter 12.1.3 of “DCEM_Manual_EN.pdf”) and add /dcem/saml/logout.xhtml to it.
  7. Require SSO Login: Yes.
  8. SSO IP Range: Leave empty.
  9. SP-Initiated SSO certificate: Choose “Redirect” or “POST” with a certificate.
  10. Force SP-Initiated SSO Certificate to Regenerate: No.
  11. Enable Web Authentication: Yes.
  12. SP-Initiated Auth Context: Password Protected Transport, Minimum.
  13. Active Profile Cookies: Leave empty.
  14. Click “Save”.

DCEM is now registered as an Identity Provider for Citrix ShareFile.

4. Setting Citrix ShareFile as a Service Provider for DCEM

  1. In Citrix ShareFile, download the XML-File at https://yourDomain.sharefile.com/saml/metadata .
  2. In DCEM, go to main menu item “SAML”, sub menu “SP Metadata”.
  3. Click “Add”.
  4. From the dropdown, choose “Custom” and click “Continue”.
  5. Upload the downloaded file using the “Upload” button.
  6. Modify the “Display Name” if desired.
  7. Click “OK”.

Citrix ShareFile is now registered as a Service Provider for DCEM.
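
Before uploading the file from step 1 of section 4 into DCEM, it is worth checking that it really is service-provider metadata for your own ShareFile subdomain. The following Python check is an added example, not part of the DoubleClue or Citrix documentation; the function name, the sample XML and the paths /saml/info and /saml/acs in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample metadata for a placeholder tenant; not real ShareFile output.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://yourDomain.sharefile.com/saml/info">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://yourDomain.sharefile.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_host):
    """Return (summary, problems) for a SAML SP metadata document."""
    # SAML metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected here")
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        problems.append("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        problems.append("no SPSSODescriptor: not service-provider metadata")
    acs = [] if sp is None else sp.findall("md:AssertionConsumerService", NS)
    if sp is not None and not acs:
        problems.append("no AssertionConsumerService endpoint")
    locations = [e.get("Location", "") for e in acs]
    for url in locations:  # assertions are delivered to these URLs
        parts = urlparse(url)
        if parts.scheme != "https":
            problems.append("ACS endpoint is not HTTPS: " + url)
        if (parts.hostname or "").lower() != expected_host.lower():
            problems.append("ACS endpoint is on an unexpected host: " + url)
    summary = {
        "entity_id": root.get("entityID"),
        "acs_locations": locations,
        "authn_requests_signed": None if sp is None else sp.get("AuthnRequestsSigned"),
    }
    return summary, problems


if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_METADATA, "yourDomain.sharefile.com"))
```

An empty problem list means the entity descriptor and every assertion consumer endpoint point at the expected HTTPS host; the returned entityID can then be compared with the “Sharefile Issuer / EntityID” value shown in section 3.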