How to Share and Manage File Access from AWS S3, Azure Blob with Salesforce Users
Salesforce is the world’s most trusted customer relationship management (CRM) platform on cloud. In this document, we will discuss about how NirvaShare can be used for secure file sharing and collaboration from object storages such as AWS S3, Azure Blob, Digital Ocean spaces, etc. with Salesforce users. A fine level of file read/write access can be given to Salesforce users with files and folders seamlessly using a Single Sign – On.
Prerequisites
As prerequisites, make sure you have the following.
- NirvaShare, installed either on cloud or on-premise. You can also directly install from any Marketplace, check HERE.
- Configure the Storage and User Application URL . For more information refer HERE.
- Make sure proper domain name and SSL certificate is configured for Admin Console and User App.
- You will require access to your Salesforce as console administrator.
Note: For more information or in case if you require support, please contact us HERE.
Login Profile
Follow the below steps to create a new login profile to integrate with the external identity provider.
- Log in to Admin Console as an administrator.
- Click on Login Profiles from the left menu of the Admin Console.
- Click on CREATE button from the top right corner.
- Under the Basic Info tab, provide a name for the title and an optional description.
Access
- Provide an IP Address or IP Addresses in the IP Address Restriction field.
- Choose the language in the Language field. By default it is set to English.
Note – To restrict access to only certain white listed IP address or a range, please refer to Access Restriction with IP Address
Authentication
- Click on the Authentication tab.
- For the Authentication, select External Single Sign On (SSO) and click on CREATE.
Updating Login Profile with SAML Metadata
The SAML metadata file obtained from the above process through Okta should be updated in the login profile in NirvaShare. Here we have listed the steps to do it.
- Login as an administrator into admin console of NirvaShare.
- Go to left menu of admin console and click on Login profiles.
- Edit the Login profile that we created earlier.
- In the Authentication section click on the Choose File button and select the metadata file for the External IDP SAML Metadata section.
- Click on Update.
Salesforce Configuration
We need to create an enterprise application in Salesforce to integrate with NirvaShare:
- Sign in to salesforce portal https://login.salesforce.com/
- From the setup left menu list, click on App Manager.
For more information on connected apps, please refer HERE.
- On the top Right menu, click on New connected App.
- Provide a name as Nirvashare along with your email ID and click on Create.
- After creating the app, go to Web App Settings .
- We need to enable SAML, enter the start URL, Entity Id, ACS URL of NirvaShare. These information can be found from the XML metadata content obtained from Login Profile of NirvaShare based on steps in the previous section.
- Download the Salesforce Metadata XML file from SAML Signing Certificate section. Save it into your local file.
- This file content will be required while configuring Login Profile in NirvaShare Admin Console.
- To assign users to this connected app, either use existing Salesforce profile or create a new one and assign the profile to the connected app.
- To assign the profile to the connected app, click on Managed Connected App > Manage Profiles > Application Profile Assignment.
- Login to NirvaShare Admin Console and edit the Login Profile that was created based on the steps from previous section.
- Copy paste the Salesforce metadata file content from from previous steps in to the text area of External IDP SAML Metadata and update authentication.
Sharing File/Folder
Once the configuration is completed based on the above sections, it is now good to share a file/folder with Salesforce users using SSO.
To share and collaborate files with Salesforce users, check HERE for information on creating Shares. During the configuration, make sure you select the Login Profile that was created based on the steps mentioned in this document.