
Share Files From Digital Ocean Spaces With Entra ID (Active Directory) Users Using SSO

Sharing files from Digital Ocean spaces or Digital Ocean object storage with Microsoft Entra ID (Active Directory) users is now made easier with NirvaShare, the secure file sharing and access management platform. Organizations commonly use Entra ID to manage users centrally and to control access across resources. NirvaShare is designed to integrate easily with Entra ID, so that files in Digital Ocean spaces object storage can be shared with its users. It also allows Entra ID groups to be used for improved collaboration and better access control.

Prerequisites

As a prerequisite for Digital Ocean file storage sharing, ensure that:

NirvaShare is installed in your system environment, either manually or from MarketPlace.

To configure storage, please refer to the document below.

Login Profile

In order to create a Login Profile in NirvaShare, you can make use of the following steps.

  • Log in to the Admin console of NirvaShare as an administrator.
  • Click on User Access and then Login Profile from the left menu of the admin console.
  • Click on the CREATE button in the top right corner.
  • Under the Basic Info tab, provide a name for the Login Profile Name and an optional description.

Authentication

  • For the Authentication, select External Single Sign On (SSO) and click on CREATE.

Access

  • Click on the Settings tab and provide an IP address or IP addresses in the allowed IP or Range of IP Addresses field.
  • Choose the language in the Language field. By default it is set to English.

Note – To restrict access to only certain whitelisted IP addresses or a range, please refer to Access Restriction with IP Address.


SAML Metadata

For external identity provider integration, you will require the SAML metadata from the login profile of NirvaShare. To obtain the SAML metadata for the newly created login profile, follow the steps below.

  • Edit the newly created login profile.
  • Click on Download SP Metadata or you can also copy it to the clipboard to open in a browser tab.
  • This will download the XML metadata file for NirvaShare.
  • This metadata file will be required to configure the external identity provider, so please save it locally for further reference.

Note – At a later stage, you will also require the SAML metadata from the identity provider; its content has to be pasted in the textbox and saved in the login profile.

Entra ID and Login Profile Configuration

We have to create an SSO access point for the application, i.e., an enterprise application in Entra ID, to integrate with NirvaShare and share files:

  • Sign in to the Azure Portal at https://portal.azure.com
  • Open the Entra ID service.
  • From the left menu list, click on Enterprise applications.

To know more, you can also visit Microsoft site at HERE.

  • On the top menu, click on New application.
  • On the top menu, click on Create your own application.
  • Provide a name as NirvaShare-userapp and click on Create.
  • After selecting the newly created application, click on Single sign-on from the left menu tab.
  • Next, enable SAML by clicking on the SAML block on the right-hand side.
  • At this juncture, you will require the SAML metadata file that was obtained from NirvaShare in the previous section.
  • For this, click on Upload metadata file.
  • Select the NirvaShare SAML metadata file and upload.
  • Save it.
  • Now go to the next section, Attributes & Claims, and click on edit.
  • Click on Add a group claim from the top menu.
  • Select the All groups radio button and set the Source attribute to Group ID.
  • Move down and expand Advanced options.
  • Click on the checkbox Customize the name of the group claim.
  • Provide the name as member.
  • Save it.

In the next step, we need to download Entra ID’s SAML metadata file.

  • Scroll down to the section SAML Signing Certificate.
  • Download the Federation Metadata XML file.
  • Save the file.

Updating Login Profile with SAML Metadata

Make sure you have the SAML metadata XML file obtained from the external IDP, and follow the steps below to update the SAML metadata in the Login Profile.

  • Log in to Admin Console as an administrator.
  • Click on Login Profiles from the left menu of the Admin Console.
  • Edit the existing Login Profile of type External Single Sign On (SSO).
  • In the Upload IDP Metadata section click on the Choose File button and select the metadata file.
  • Click on UPDATE.

Shares

At this stage, we are ready to use SSO with Digital Ocean object storage spaces. For this, let us create a folder Share and enable SSO. Please refer to the documentation below to create a new Share from the Storage. While configuring this Share, make sure to select the login profile that we created in the above section. You can also create one or more shares and assign the same login profile.

Verification

  • For this, go to the NirvaShare Admin Console, right click on the login profile that we created and select Copy Shareable Link.
  • Open the link in a browser tab. This will redirect to Entra ID for SSO.
  • After the authentication, you should be able to access Shares assigned to the login profile.
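
If the expected Shares do not appear after sign-in, the group claim configured earlier (name member, source Group ID) is the first thing to check. The following is an added example, not NirvaShare or Microsoft code: it inspects a base64-encoded SAMLResponse, assumed here to have been copied from the browser's POST to the service provider during your own test sign-in, and reports whether the member attribute carries group object IDs. The two schemas.microsoft.com claim names are Entra ID's default group claim and its group-overage link, not values from this page; the sample responses and GUIDs are constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# Entra ID claim names: the default group claim, and the link sent instead on group overage.
DEFAULT_GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
OVERAGE_LINK = "http://schemas.microsoft.com/claims/groups.link"

def group_claim(saml_response_b64, claim_name="member"):
    """Return (group_ids, warnings) for claim_name in a base64-encoded SAMLResponse."""
    # Inspection only: the signature is NOT verified here; that stays the service provider's job.
    xml_text = base64.b64decode(saml_response_b64).decode("utf-8")
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing a response that carries a DTD or entity declarations")
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    groups, warnings = attrs.get(claim_name, []), []
    if claim_name not in attrs:
        warnings.append("no '%s' attribute in the assertion" % claim_name)
    if DEFAULT_GROUPS in attrs:
        warnings.append("groups sent under the default claim name; custom name not applied")
    if OVERAGE_LINK in attrs:
        warnings.append("group overage: too many groups, IDs were replaced by a link")
    warnings += ["not a group object ID: " + g for g in groups if not GUID.fullmatch(g)]
    return groups, warnings

def sample_response(attribute_xml):
    """Build a constructed, unsigned SAMLResponse carrying the given attributes."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:AttributeStatement>%s</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>' % attribute_xml)
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

# Constructed samples; the GUID is made up.
GOOD = sample_response('<saml:Attribute Name="member"><saml:AttributeValue>'
                       '11111111-2222-3333-4444-555555555555'
                       '</saml:AttributeValue></saml:Attribute>')
DEFAULT_NAME = sample_response('<saml:Attribute Name="%s"><saml:AttributeValue>'
                               '11111111-2222-3333-4444-555555555555'
                               '</saml:AttributeValue></saml:Attribute>' % DEFAULT_GROUPS)

if __name__ == "__main__":
    print(group_claim(GOOD), group_claim(DEFAULT_NAME), sep="\n")
```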