How to Share Files From Backblaze B2 Storage with Active Directory Users using SSO

This document explains how to share files from Backblaze B2 Storage with Active Directory users using SSO. NirvaShare makes it easier to share files from Backblaze B2 with Active Directory users. Organizations predominantly use Active Directory to manage users efficiently and coordinate access. For better file collaboration, AD groups can also be used along with good access control.

Prerequisites

To share Backblaze B2 files with Active Directory users, make sure that NirvaShare is installed in the system environment manually.

Refer to the document below to configure storage.

Login Profile

Follow the steps below to create a new login profile to integrate with the external identity provider.

  • Log in to Admin Console as an administrator.
  • Click on Login Profiles from the left menu of the Admin Console.
  • Click on the CREATE button in the top right corner.
  • Under the Basic Info tab, provide a name for the title and an optional description.

Access

  • Provide an IP Address or IP Addresses in the IP Address Restriction field.
  • Choose the language in the Language field. By default it is set to English.

Note – To restrict access to only certain whitelisted IP addresses or a range, please refer to Access Restriction with IP Address

Authentication

  • Click on the Authentication tab.
  • For the Authentication, select External Single Sign On (SSO) and click on CREATE.

SAML Metadata

For external identity provider integration, you will need the SAML metadata from the NirvaShare login profile. To obtain the SAML metadata for the newly created login profile, follow the steps outlined below.

  • Edit the newly created login profile.
  • Click on the Download Metadata link.
  • This will download the XML metadata file for NirvaShare.
  • This metadata file is required to configure the external identity provider, so save it locally for later reference.

Active Directory and Login Profile Configuration

We need to create an application SSO access point, i.e., an enterprise application in Active Directory, to integrate with NirvaShare:

  • Sign in to the Azure Portal at https://portal.azure.com
  • Open the Active Directory service.
  • From the left menu list, click on Enterprise applications.

To know more, you can also visit the Microsoft site HERE.

  • On the top menu, click on New application.
  • On the top menu, click on Create your own application.
  • Provide a name as NirvaShare-userapp and click on Create.
  • Once the newly created application is selected, click on Single sign-on from the left menu tab.
  • We need to enable SAML, so click on the SAML block on the right-hand side.
  • At this point, you will need the SAML metadata file that was obtained from NirvaShare in the previous section.
  • For this, click on Upload metadata file.
  • Select the NirvaShare SAML metadata file and upload.
  • Save it.
  • Now go to the next section, Attributes & Claims, and click on edit.
  • Click on Add a group claim from the top menu.
  • Select the All groups radio button and set the Source attribute to Group ID.
  • Scroll down and expand Advanced options.
  • Click on the checkbox to Customize the name of the group claim.
  • Provide the name as member.
  • Save it.

In the next step, we need to download Active Directory’s SAML metadata file.

  • Scroll down to the section SAML Signing Certificate.
  • Download the Federation Metadata XML file.
  • Save the file.

Updating SAML Metadata

Go back to NirvaShare Admin Console.

  1. From the NirvaShare Admin Console, click on edit on the Login Profile that we created earlier.
  2. Upload the Federation Metadata XML content obtained from Active Directory by clicking on Choose File next to Upload Metadata under External IDP SAML metadata.
  3. Save it.

With this, the configuration required to enable Active Directory Single Sign-On with NirvaShare is done. To test Backblaze B2 file sharing with Active Directory users using SSO, proceed with the next section to create Shares.

Shares

At this stage, SSO is ready to use with Backblaze B2. Let us create a folder Share and enable SSO. Please refer to the document below to create a new Share from the Storage. During the Share configuration, make sure to select the login profile that we created in the above section. You can also create one or more shares and assign the same login profile.

Verification

  • From the NirvaShare Admin Console, right-click on the login profile that we created and select Copy Shareable Link.
  • Open the link in a browser tab. This will redirect to AD for SSO.
  • After the authentication, you will be able to access Shares assigned to the login profile.