
Share Files from MinIO with Azure Entra ID/ Active Directory Users Using SSO

Share files securely from MinIO file storage with Microsoft Entra ID users using SSO by making use of NirvaShare. Entra ID (formerly Azure Active Directory) is widely used in enterprise organizations, where it safeguards data and is effective in governing access.

Prerequisites

Before you begin to share MinIO files, ensure that NirvaShare is installed in your system environment, either manually or from the Marketplace.

To configure the storage, please refer to the document below.

Login Profile

Follow the below steps to create a new login profile to integrate with the external identity provider.

  • Log in to Admin Console as an administrator.
  • Click on Login Profiles from the left menu of the Admin Console.
  • Click on CREATE button from the top right corner.
  • Under the Basic Info tab, provide a name for the Login Profile Name and an optional description.

Authentication

  • For the Authentication, select External Single Sign On (SSO) and click on CREATE.

SAML Metadata

For external identity provider integration, you will require SAML metadata from the login profile of NirvaShare. To obtain the SAML metadata for the newly created login profile, follow the below steps.

  • Edit the newly created login profile.
  • Click on Download SP Metadata or you can also copy it to the clipboard to open in a browser tab.
  • This will download the XML metadata file for NirvaShare.
  • This metadata file will be required to configure the external identity provider. So please save this file locally for further reference.

Access

  • Click on the Settings tab and provide an IP address or IP addresses in the allowed IP or Range of IP Addresses field.
  • Choose the language in the Language field. By default, it is set to English.

Note – To restrict access to only certain whitelisted IP addresses or a range, please refer to Access Restriction with IP Address.


Entra ID and Login Profile Configuration

We need to create an application SSO access point, i.e., an enterprise application in Entra ID, to integrate with NirvaShare:

  • Sign in to Azure Portal https://portal.azure.com
  • Open Entra ID service.
  • From the left menu list, click on Enterprise applications.

To know more, you can also visit Microsoft site HERE.

  • In the top menu, click on New application
  • In the top menu, click on Create your own application
  • Provide the name NirvaShare-userapp and click on Create.
  • Once the newly created application is selected, click on Single sign-on from the left menu tab.
  • To enable SAML, click on the SAML block on the right-hand side.
  • At this point, you will need the SAML metadata file that was obtained from NirvaShare in the previous section.
  • Click on Upload metadata file.
  • Select the NirvaShare SAML metadata file and upload.
  • Save it.
  • Go to the section Attributes & Claims and click on edit.
  • Click on Add a group claim from the top menu.
  • Select the All groups radio button and Source attribute as Group ID.
  • Scroll down and expand Advanced options.
  • Enable the checkbox Customize the name of the group claim.
  • Provide the name as member.
  • Save it.

In the next step, we need to download Entra ID's SAML metadata file.

  • Scroll down to the section SAML Signing Certificate.
  • Download the Federation Metadata XML file.
  • Save the file locally.

Updating SAML Metadata

Go back to the NirvaShare Admin Console.

  1. From the NirvaShare Admin Console, click on edit on the Login Profile that we created earlier.
  2. Upload the Federation Metadata XML content obtained from Entra ID by clicking on Choose File next to Upload Metadata under External IDP SAML metadata.
  3. Save it.

With this, the configuration required to enable Entra ID Single Sign-On with NirvaShare is done. To test this, proceed with the next section to create Shares.
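Before uploading either metadata file, it helps to confirm that it describes the party you expect and that its endpoints use HTTPS. The following is an added example, not NirvaShare or Microsoft code; it reads a SAML metadata document (the SP file downloaded from the login profile or the Federation Metadata XML from Entra ID) and reports its role, entity ID, endpoints and signing certificates. The function name and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def review_metadata(xml_text):
    """Summarise a SAML metadata file and list issues to resolve before upload."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    idp = root.find("md:IDPSSODescriptor", NS)
    role = sp if sp is not None else idp
    if role is None:
        raise ValueError("no SPSSODescriptor or IDPSSODescriptor found")
    # SP files list assertion consumer URLs; IdP files list sign-on URLs.
    tag = "md:AssertionConsumerService" if sp is not None else "md:SingleSignOnService"
    endpoints = [e.get("Location", "") for e in role.findall(tag, NS)]
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    certs = [k for k in role.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")
             and k.findtext(".//ds:X509Certificate", "", NS).strip()]
    issues = ["endpoint is not HTTPS: " + u for u in endpoints
              if urlparse(u).scheme != "https"]
    if not endpoints:
        issues.append("no endpoints declared")
    if idp is not None and not certs:
        issues.append("IdP metadata carries no signing certificate")
    return {"role": "SP" if sp is not None else "IdP", "entity_id": root.get("entityID"),
            "endpoints": endpoints, "signing_certs": len(certs), "issues": issues}

# Constructed samples, not real NirvaShare or Entra ID output; hosts are placeholders.
SP_SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://share.example.com/sp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" Location="http://share.example.com/acs" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </SPSSODescriptor></EntityDescriptor>"""
IDP_SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.com/tenant/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
      <X509Certificate>Q09OU1RSVUNURUQ=</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Location="https://idp.example.com/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </IDPSSODescriptor></EntityDescriptor>"""

if __name__ == "__main__":
    for doc in (SP_SAMPLE, IDP_SAMPLE):
        print(review_metadata(doc))
```

An SP file whose assertion consumer URL is plain HTTP, as in the first constructed sample, usually means the NirvaShare user application is not yet served over TLS; fix that and download the metadata again before configuring Entra ID.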

Shares

At this stage, SSO is ready to use with MinIO files. Now we can create a folder Share to share MinIO files with Entra ID users using SSO. Refer to the below documentation to create a new Share from Storage. During the Share configuration, ensure that you select the login profile that we created in the above section. You can also create one or more Shares and assign the same login profile.

Verification

  • Go to the NirvaShare Admin Console, right-click on the login profile that we created, and select Copy Shareable Link.
  • Open the link in a browser tab. This will redirect to Entra ID for SSO.
  • After the authentication, you will be able to access the Shares assigned to the login profile.