
          Configure SSO from Salesforce to Citrix ShareFile

          Let your users log in to Citrix ShareFile using single sign-on (SSO) from your Salesforce org configured as an identity provider.

          Required Editions

          Available in: Lightning Experience and Salesforce Classic
          Available in: Enterprise, Performance, Unlimited, and Developer Editions

          When you set up Citrix ShareFile as a service provider and create a connected app in Salesforce, users can access ShareFile using their Salesforce login credentials. ShareFile supports the SAML protocol for both identity provider–initiated and service provider–initiated SSO.

          Follow these high-level steps to configure SSO for Salesforce to ShareFile.

          Set Up Your Salesforce Org as an Identity Provider

          With the My Domain feature, your Salesforce org is enabled as an identity provider. My Domain is required for all orgs. If you don’t like your org’s My Domain name, you can change it.

          The My Domain feature also creates a certificate and key pair. The certificate establishes trust between your Salesforce org and ADP. Optionally, you can use another self-signed certificate or import a CA-signed certificate.

          To download the Salesforce self-signed certificate:

          1. From Setup, enter Identity Provider in the Quick Find box, and select Identity Provider.
          2. Click Download Certificate.

          Configure SAML Settings in Citrix ShareFile

          1. Log in to your ShareFile account as an administrator.
          2. In the menu, under Admin, click Configure Single Sign-On.
          3. Under Single Sign On / SAML Configuration, you see SAML settings, including the ACS URL and the SP-initiated login URL. To configure Salesforce as an identity provider, you need these URLs in a later step.
          4. Configure the basic SAML settings in ShareFile.
            1. Click Enable SAML.
            2. For ShareFile Issuer / Entity ID, enter the ShareFile issuer, for example https://MyDomainName.sharefile.com/saml/info.
            3. For Your IDP Issuer / Entity ID, enter your Salesforce identity provider issuer, for example https://MyDomainName.my.salesforce.com.
            4. For X.509 Certificate, enter the content of your Salesforce certificate.
            5. For Login URL, enter the HttpRedirect endpoint, for example https://MyDomainName.my.salesforce.com/idp/endpoint/HttpRedirect.
            6. For Logout URL, enter a URL to which the user is sent after logging out, for example, https://MyDomainName.my.salesforce.com/secur/logout.jsp.
          5. Configure the optional settings.
            1. Select Require SSO Login if you want to require non-administrative employees to log in using Salesforce as an identity provider.
            2. Select SP-Initiated Signing Certificate for ShareFile to send a signed SAML request to Salesforce as the identity provider.
              Note: Although this setting is optional, it’s recommended for security purposes.
            3. For SP-Initiated Auth Context, select Password Protected Transport and Minimum. These settings provide the method and comparison level for the authentication context.
          6. Save the settings.

          Create a Connected App in Salesforce

          1. In Salesforce, create a connected app.
            • In Lightning Experience, from Setup, enter App in the Quick Find box, and select App Manager. Click New Connected App.
            • In Salesforce Classic, from Setup, enter Apps in the Quick Find box, and select Apps. Under Connected Apps, click New.
          2. Configure the connected app Basic Information settings.
            1. Enter a name for the Citrix ShareFile connected app. Salesforce uses this name to populate the API name.
            2. Enter your email address in case Salesforce must contact you or your support team.
            3. Optionally, upload or specify a logo and icon to represent your Citrix ShareFile application in the Salesforce App Launcher.
          3. Configure the connected app Web App Settings.
            1. Select Enable SAML.
            2. For Entity Id, enter the URL for your Citrix ShareFile domain, for example, https://MyDomainName.sharefile.com/saml/info.
            3. For ACS URL, enter the ACS URL you saved earlier, for example, https://MyDomainName.sharefile.com/saml/acs.
            4. For Subject Type, select how users are identified to the identity provider, for example, Federation ID. A federation ID is a unique value assigned to the user across multiple web services and Salesforce orgs.
            5. For Name ID Format, keep the default value.
            6. For Issuer, keep the default value, which is your My Domain subdomain.
            7. For IdP Certificate, keep the default (Default IdP Certificate).
          4. Save the settings.
          5. On the connected app detail page, click Manage Profiles or Manage Permission Sets. Add profiles or permission sets for the users who can access this app.
          6. In Salesforce, enter the start URL for the connected app.
            1. On the connected app detail page, under SAML Login Information, copy the IdP-initiated login URL.
            2. On the connected app detail page, click Edit Policies.
            3. For Start URL, paste the IdP-initiated login URL.
            4. Save the settings.

          Test the Connected App

          1. To test an identity provider–initiated SSO, from the Salesforce App Launcher, find and open the Citrix ShareFile app. If you configured the Citrix ShareFile logo and icon for the connected app, the App Launcher displays them. If the identity provider–initiated SSO is configured properly, Salesforce creates an application session.
          2. To test service provider–initiated SSO, open a browser and enter the SP-initiated login URL that you saved earlier. You’re redirected to your Salesforce org. Enter your Salesforce credentials. If SSO is configured properly, you’re logged in to your ShareFile account.
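
If a test login fails, the following check compares a captured SAMLResponse form value with the Issuer, Entity Id, and ACS URL values entered in the steps above. It is an added example, not part of the Salesforce documentation; `check_response`, `sample_response`, and the sample message are constructed for illustration, and the signature is checked for presence only, not validity.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Values from the steps above; MyDomainName is the page's placeholder.
EXPECTED = {"idp_issuer": "https://MyDomainName.my.salesforce.com",
            "sp_entity_id": "https://MyDomainName.sharefile.com/saml/info",
            "acs_url": "https://MyDomainName.sharefile.com/saml/acs"}

def check_response(b64_response, expected=EXPECTED):
    """List mismatches between a SAMLResponse form value and the configured
    settings. Meant for a response captured from your own test login."""
    root = ET.fromstring(base64.b64decode(b64_response))
    a = "saml:Assertion/"
    scd = root.find(a + "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)

    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None

    found = [("Issuer", "idp_issuer", text(a + "saml:Issuer")),
             ("Audience", "sp_entity_id", text(a + "saml:Conditions/saml:AudienceRestriction/saml:Audience")),
             ("Recipient", "acs_url", scd.get("Recipient") if scd is not None else None),
             ("Destination", "acs_url", root.get("Destination"))]
    problems = [f"{label}: got {value!r}, configured {expected[key]!r}"
                for label, key, value in found if value != expected[key]]
    if root.find(".//ds:Signature", NS) is None:
        problems.append("Signature: no ds:Signature element (presence check only)")
    return problems

def sample_response(audience):
    """Constructed, unsigned message for this example; not real Salesforce output."""
    e = EXPECTED
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 Destination="{e['acs_url']}"><saml:Assertion>
 <saml:Issuer>{e['idp_issuer']}</saml:Issuer>
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="{e['acs_url']}"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{audience}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode())

if __name__ == "__main__":  # Entity Id entered without the /saml/info path
    print("\n".join(check_response(sample_response("https://MyDomainName.sharefile.com"))))
```

An Audience mismatch points at the Entity Id field of the connected app; a Recipient or Destination mismatch points at its ACS URL field.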