
Authentication Mechanisms

The administrator can enable authentication on any file shared with users to secure it and prevent unauthorized access. NirvaShare supports basic, form-based, and OTP-based authentication, as well as easy integration with external identity providers such as ActiveDirectory, Okta, KeyCloak, IAM Identity Center, Salesforce, Google Workspace, etc.
Advanced multi-factor authentication can also be achieved with the help of external IDP integration.

To manage login profiles, click on the Login Profiles tab on the side menu. This lists all existing login profiles and lets administrators create, edit and delete them. More than one Share can use the same Login Profile, and a Share can later be edited to use another Login Profile at any time.

Create New Login Profile

To create a new Login Profile, click on the CREATE button in the top right corner. This opens a new create screen window. Provide a name and description, and optionally provide an IP address if you want to restrict the user to a specific IP address only. Select one of the authentication types. At present, the following options are available.

  • Basic Authentication
  • Form-based Authentication
  • Single Sign-On (SAML 2)
  • OTP

Choose Single Sign-On (SAML 2) for external identity provider integration such as ActiveDirectory, Google Workspace, Okta, etc.

Basic Authentication

Basic Auth is a simple authentication mechanism in which each HTTP request the user sends to the server carries the authentication information, such as the username and the password, in its header. This is ideal for external API integration on shared files.

Provide the username and password that the user will be prompted for when the respective Share is accessed.

When a user tries to access a Share that is using a Basic authentication profile, the browser displays a prompt for the username and password.

Form-based Authentication

Form-based Auth uses an HTTP POST request to transmit the authentication information, such as the username and the password, to the server, which validates the credentials and creates a valid session for the user on successful authentication. When the session expires, the user is required to re-enter the credentials.

After selecting the Form-based Authentication type, set the username and password. These are the credentials the user has to provide when accessing the Share associated with this Login Profile.

When a user tries to access associated Shares, a Form-based login page is displayed, expecting the user to enter a username and password.
By default, the NirvaShare logo is displayed; the administrator can change the logo with the branding feature. For more information on branding, see Settings – Branding Logo.

OTP Authentication

OTP-based authentication uses a one-time password token sent by email. To create an OTP-based login profile, select the authentication type as OTP. Provide the target users' email IDs; one or more email IDs can be provided, separated by commas. Additionally, a pattern supporting regular expressions can also be provided, for example, *@yourcompany.com
In this case, users with the email domain yourcompany.com will be able to log in with a valid email ID.


When a user tries to access associated Shares, an OTP login page is displayed, expecting the user to enter an allowed email ID.
By default, the NirvaShare logo is displayed; the administrator can change the logo with the branding feature. For more information on branding, see Settings – Branding Logo.

External Identity Provider Integration

In addition to its built-in authentication mechanisms, NirvaShare can integrate with any of your existing identity providers such as ActiveDirectory, Okta, Salesforce, IAM Identity Center, Keycloak, Google Workspace, etc. External identity provider integration is done using the SAML 2 protocol. To create a login profile based on an external identity provider, select the authentication type as Single Sign-On (SAML 2).

Provide the name, description, and SAML metadata of the external IDP to create the profile. After creating the login profile, edit it. You will notice a link to the SAML metadata for this profile, which is the service provider (SP) SAML metadata. Use this SP metadata to configure the external identity provider.

For more information, see the documentation for the specific IDP integration. When a user tries to access associated Shares, the user is automatically redirected to the external IDP login screen for authentication.