Sharing files from Oracle Object Storage with Active directory users using SSO.
In this document let us understand how to share files from Oracle Object Storage with Active Directory users using SSO. The process of sharing files from Oracle object storage with Active Directory users is made easier by Nirvashare. Active Directories are predominantly used by organizations to efficiently manage users and co – ordinate access.
NirvaShare Login Profile
A login profile must be created in NirvaShare to enable SSO with external identity provider. Please refer to the below steps to create one.
- Log in to Admin Console as an administrator.
- Click on Login Profiles from the left menu of the Admin Console.
- Click on CREATE button from the top right corner.
- Provide a name for the title.
- For Authentication, select External Single Sign On (SSO) and click on CREATE.
For external identity provider integration, you will require SAML metadata from the login profile of NirvaShare. To obtain the SAML metadata for the newly created login profile, follow the below steps.
- Edit the newly created login profile.
- Click on the Download Metadata link.
- This will download the XML metadata file for NirvaShare.
- This metadata file will be required to configure the external identity provider. So you have to save this file locally for further reference.
ActiveDirectory and Login Profile Configuration
We need to create a application SSO access point, i.e enterprise application in Active Directory to integrate with NirvaShare:
- Sign in to Azure Portal https://portal.azure.com
- Open Active Directory service.
- From the left menu list, click on Enterprise applications.
To know more, you can also visit Microsoft site at HERE.
- On the top menu, click on New application.
- On the top menu, click on Create your own application.
- Provide a name as NirvaShare-userapp and click on Create.
- Once the newly created application is selected, click on Single sign-on from the left menu tab.
- We need to enable SAML, hence click on SAML block on right hand side.
- At this point, you will require SAML metadata file that was obtained from NirvaShare based on the previous section.
- Click on Upload metadata file.
- Select the NirvaShare SAML metadata file and upload.
- Save it.
- Edit the next section Attributes & Claims.
- Click on Add a group claim from the top menu.
- Select All groups radio button and Source attribute as Group ID.
- Scroll down and expand Advanced options.
- Enable checkbox to Customize the name of the group claim.
- Provide the name as member.
- Save it.
Now, we need to download ActiveDirectory’s SAML metadata file.
- Scroll down to the section SAML Signing Certificate
- Download the file Federation Metadata XML
- Save the downloaded file.
Updating SAML Metadata
Go back to NirvaShare Admin Console for this step.
- From the NirvaShare Admin Console, edit the Login Profile that we created earlier.
- Upload the Federation Metadata XML content obtained from Active Directory by clicking on Browse, next to Upload Metadata under External IDP SAML metadata.
- Save It.
With this, the required configuration to enable Active Directory Single Sign-On with NirvaShare is done. To test this, proceed to the next section to create Shares.
At this stage, we can use the SSO with Oracle Object Storage. Let us create a folder Share and enable SSO. Please refer to the below documentation to create a new Share from Storage. During the Share configuration, make sure to select the login profile that we created in above section. You can also create one or more shares and assign the same login profile.
- From the NirvaShare Admin Console, right click on the login profile that we created and select Copy Shareable Link.
- Open the link in browser tab. This will redirect to AD for SSO.
- Once the authentication is complete, you will be able to access Shares assigned to the login profile.