-
Deployment
-
Administrative Guide
-
Tutorials
- Quick Start
- AWS S3 File Sharing With Password Protection
- Google Cloud Storage Integration
- SSO for Admin Console using IAM Identity Center
- SSL and Load balancer for NirvaShare on AWS
- SSO for AdminConsole using Azure ActiveDirectory
- SSL Using Nginx Proxy Manager
- How to Share and Manage File Access from AWS S3, Azure Blob with Salesforce Users
- Configure SSO for Admin Console using Google Workspace as Identity Provider
- Share Azure Blob Files with ActiveDirectory Users using SSO
- NirvaShare Config Properties
- S3 File Sharing with Okta Users
-
Troubleshoot
Authentication Mechanisms
The administrator can enable authentication against any of the shared files with users to make secure and prevent unauthorized access. NirvaShare supports basic, form-based, OTP-based, and easy integration with external Identity providers such as ActiveDirectory, Okta, KeyCloak, IAM Identity Center, Salesforce, Google workspace, etc.
Advanced multi-factor authentication can also be achieved with the help of external IDP integration.
To manage login profiles, click on the Login Profiles tab on the side menu. This will list all existing login profiles and also lets administrators create, edit and delete those profiles. More than one Share can use the same Login Profile and later Share can be edited to use another Login Profile at any time.

Create New Login Profile
To create a new Login Profile, click on CREATE button on the top right corner, this will popup a new create screen window. Provide a name, description and optionally provide an IP address, in case if you want to restrict the user from a specific IP address only. Select any one of the authentication types. At present following options are available.
- Basic Authentication
- Form-based Authentication
- Single Sign-On (SAML 2)
- OTP
Choose Single Sign On (SAML 2) for external identity provider integration such as ActiveDirectory, Google workspace, Okta, etc

Basic Authentication
Basic Auth uses a simple authentication mechanism that uses an HTTP request to carry authentication information such as the username and the password in its header each time a user sends a request to the server. This is ideal for making external API integration on shared files.
Provide username and password which will be prompted to the user when respective Share is accessed.

When a user tries to access a Share that is using a Basic authentication profile, the browser will prompt pops up like the one below

Form based Authentication
Form-based Auth uses an HTTP post request to transmit the authentication information such as the username and the password to the server which validates the credentials and creates a valid session for the user in case of successful authentication. On the expiration of the session, the user is required to re-enter the credentials.
After selecting the Form-based Authentication type, set the username and password. This is the credentials user have to provide when accessing the Share associated with this Login Profile.

When a user tries to access associated Shares, a Form-based login page is prompted expecting the user to enter a username and password.
By default, the NirvaShare logo is displayed, the administrator can change the logo with the branding feature. For more information on branding click on Settings – Branding Logo.

OTP Authentication
OTP-based authentication uses a one time based password token sent in email, To create OTP based login profile, select the authentication type as OTP. Provide the target user’s email ids. One or more email ids can be provided by comma separation. Additionally, a pattern supporting regular expression can also be provided, for example, *@yourcompany.com
In this case, users having an email domain as yourcompany.com will be able to log in with a valid email id.

When a user tries to access associated Shares, an OTP login page is prompted expecting the user to enter an allowed email id.
By default, the NirvaShare logo is displayed, the administrator can change the logo with the branding feature. For more information on branding click on Settings – Branding Logo.

External Identity Provider Integration
In addition to supporting an in-built authentication mechanism, NirvaShare also has the capability to integrate with any of your existing identity providers such as ActiveDirectory, Okta, Salesforce, IAM Identity Center, Keycloak, Google workspace, etc. External identity provider integration is done using the SAML 2 protocol. To create a login profile based on external identity providers, select the authentication type as Single Sign On (SAML 2)

Provide name, description, and SAML metadata of external IDP to create it. After creating the login profile, edit the same. You will notice a link to SAML metadata for this profile which is basically a service provider SAML metadata. Use this SP metadata to configure external identity provider.

For more information, please take a look at specific IDP integration in the documentation. When a user tries to access associated Shares, the user is automatically redirected to the external IDP login screen for authentication.