Integrate Microsoft Entra ID with FileCloud


Azure Active Directory is now Microsoft Entra ID. 

Before completing the following procedures, configure Apache Web Server. See SSO Configuration Step 1 on the page SAML Single Sign-On Support for configuration instructions.

Note: Microsoft Entra ID can only be integrated if FileCloud has an SSL certificate in place, as Microsoft requires HTTPS URLs when configuring FileCloud in Entra ID.

 FileCloud can be integrated with Microsoft Entra ID.

  • Microsoft Entra ID must be configured as an Identity Provider (IdP) 
  • FileCloud will act as the Service Provider (SP)

To integrate Microsoft Entra ID with FileCloud: 

Log in to the Azure portal (https://portal.azure.com).

  1. Search for Microsoft Entra ID, and then click the Microsoft Entra ID icon.

  2. If you see a directory list, select the directory you want to integrate with FileCloud.
  3. Select Enterprise applications in the left navigation menu.
  4. Click New application.
  5. In the Browse Microsoft Entra Gallery page, enter FileCloud in the search box, and click the FileCloud icon.

    FileCloud information appears in the right panel.
  6. Enter a name for your FileCloud app, and click Create.

    The Overview page for the new application opens.
  7. In the Set up single sign on box, click Get started.

    The Single sign-on screen opens.
  8. Click SAML.

    The SAML-based Sign-on screen opens.
  9. In the Basic SAML Configuration box, click Edit.

    In the right panel, the Basic SAML Configuration form opens.
  10. Enter the top three fields, Identifier (Entity ID), Reply URL, and Sign on URL, using your FileCloud domain, then click Save. All three must be https:// URLs (see the note above).
    Identifier (Entity ID) - the FileCloud SP metadata endpoint, for example, https://yourdomain.com/simplesaml/module.php/saml/sp/metadata.php/default-sp
    Reply URL - the FileCloud Assertion Consumer Service endpoint, that is, your FileCloud domain with the additional path indicated, https://yourdomain.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
    Sign on URL - your FileCloud site URL, for example, https://yourdomain.com
  11. Close the panel and scroll down to the SAML Certificates box.
  12. Download and save the Federation Metadata XML.
  13. Click Users and groups in the left navigation panel, and click Add user/group.
  14. In the Add Assignment page, click the link under Users or Groups to add users and groups.

    The Users or Groups page opens.
  15. Search for and check the users or groups that you want to assign to the app, and choose Select (at the bottom of the page).
  16. At the bottom of the Add Assignment page, click Assign.
  17. Log in to your FileCloud admin portal, and go to Settings > SSO.

  18. In the Default SSO Type drop-down list, choose SAML.

  19. Enter the following details:

    Setting - Value
    Default SSO Type - SAML
    IdP Endpoint URL or EntityID - From the downloaded metadata XML, copy the value of the entityID attribute on the root EntityDescriptor element (it is on the first line of the document and has the form https://sts.windows.net/<tenant-id>/).
    IdP Username Parameter - Depends on the claims configured in Entra ID. Use the appropriate one of the following:
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      or
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    IdP Email Parameter - Depends on the claims configured in Entra ID. Use the appropriate one of the following:
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      or
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    IdP Given Name Parameter - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    IdP Surname Parameter - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
    IdP Metadata - Paste the complete contents of the downloaded metadata XML.

    In Entra ID's default claim set, the name claim carries the user principal name and the emailaddress claim carries the user's mail attribute, which is empty for users without one. Pick the claim that is populated for every user who will sign in, and use the same choice for the username and email parameters unless you have mapped them differently in Attributes & Claims.

  20. Save the above settings.
    This completes the Microsoft Entra ID SSO integration with FileCloud.


Troubleshooting failed SSO login for a member of an IdP group

An IdP group is a group of users in Microsoft Entra ID who are authorized to log in to FileCloud. When a user logs in to FileCloud with SSO through Entra ID, FileCloud compares the group value sent in the SAML assertion with the value configured in Limit Login to IdP Group in its SSO settings. If that field contains the group's display name, the comparison fails, because the group claim Entra ID sends carries the group's Object ID (a GUID), not its name. To fix this, enter the group's Object ID in Limit Login to IdP Group, and add a custom group claim named memberof in Entra ID that sends the Group ID. The two values are then identical, and the user is able to log in to FileCloud.

To get the group's Object ID, in Microsoft Entra ID:

  1. Log in to the Azure portal, and in the navigation panel, click Microsoft Entra ID.
  2. In the navigation panel, click Groups, and then click the group to limit the login to.
  3. In the Overview screen for the group, copy the Object ID field.
  4. In FileCloud, go to Settings > SSO, and in Limit Login to IdP Group, enter the Object ID.
  5. In Microsoft Entra ID, go to the Enterprise applications screen, and choose the FileCloud application.
  6. In the navigation panel, click Single sign-on.
  7. Scroll down to Attributes & Claims, and click Edit.
  8. Click Add a group claim.
    A Group Claims form opens in the right panel.
  9. Under Which groups associated with the user should be returned in the claim?, choose an option that includes the group (Groups assigned to the application keeps the claim small).
  10. In Source attribute, choose Group ID.
  11. Check Customize the name of the group claim.
  12. In Name, enter memberof.
  13. Click Save.
    The new claim is listed under Additional claims with the value user.groups, which emits each group's Object ID.

    Now memberof is sent to FileCloud with the Object IDs of the user's groups, and when FileCloud compares it with the Limit Login to IdP Group value, the values match, so FileCloud allows the login.
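The check described above, as an added example that is not FileCloud's code (FileCloud's own comparison rules are not published on this page, so details such as case handling are assumptions, marked in the code): the script parses the AttributeStatement of a SAML assertion, looks for the memberof attribute and compares its values with the configured Limit Login to IdP Group. The assertions are constructed, unsigned fragments with placeholder GUIDs. It demonstrates the three ways the check fails in practice: the FileCloud field holds a display name; the claim was left under Entra's default name (http://schemas.microsoft.com/ws/2008/06/identity/claims/groups) instead of being renamed to memberof; and the user is in more groups than a SAML token carries (150), in which case Entra sends a groups overage claim instead of the group list.

```python
# Added example (not FileCloud's code): apply the "Limit Login to IdP Group"
# comparison to the AttributeStatement of a SAML assertion, using constructed,
# unsigned sample assertions with placeholder GUIDs.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Entra's default name for the groups claim (before "Customize the name" is used).
ENTRA_DEFAULT_GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
# Sent instead of the group list when the user is in more groups than a SAML
# token may carry (150); the group IDs then have to be fetched from Graph.
GROUPS_OVERAGE_CLAIM = "http://schemas.microsoft.com/claims/groups.link"

GROUP_OBJECT_ID = "11111111-2222-3333-4444-555555555555"  # placeholder Object ID


def make_assertion(groups_claim_name: str, values: list) -> str:
    """Build a minimal constructed assertion carrying an email claim and one group-style claim."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1" Version="2.0">'
        "<saml:AttributeStatement>"
        '<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">'
        "<saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>"
        f'<saml:Attribute Name="{groups_claim_name}">{vals}</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion>"
    )


def assertion_attributes(assertion_xml: str) -> dict:
    """Map each Attribute Name in the AttributeStatement to its list of values."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.attrib["Name"]] = [
            v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text
        ]
    return attrs


def group_login_check(assertion_xml: str, limit_group: str, claim_name: str = "memberof"):
    """Return (allowed, reason) for the configured Limit Login to IdP Group value."""
    attrs = assertion_attributes(assertion_xml)
    if GROUPS_OVERAGE_CLAIM in attrs:
        return False, "group overage: Entra sent a groups.link claim instead of the group list"
    groups = attrs.get(claim_name, [])
    if not groups:
        return False, f"no {claim_name} attribute in the assertion (present: {sorted(attrs)})"
    # Assumption: Object IDs compare case-insensitively. Enter the GUID exactly
    # as the portal shows it regardless; this only avoids a copy-paste mismatch.
    if limit_group.strip().lower() in [g.lower() for g in groups]:
        return True, f"{limit_group} is listed in {claim_name}"
    return False, f"{limit_group!r} is not one of {groups}; Entra sends Object IDs, not display names"


if __name__ == "__main__":
    cases = {
        "Object ID in FileCloud, claim named memberof":
            (make_assertion("memberof", [GROUP_OBJECT_ID]), GROUP_OBJECT_ID),
        "display name in FileCloud":
            (make_assertion("memberof", [GROUP_OBJECT_ID]), "FileCloud Users"),
        "claim left under Entra's default name":
            (make_assertion(ENTRA_DEFAULT_GROUPS_CLAIM, [GROUP_OBJECT_ID]), GROUP_OBJECT_ID),
        "user in too many groups":
            (make_assertion(GROUPS_OVERAGE_CLAIM, ["overage-link-placeholder"]), GROUP_OBJECT_ID),
    }
    for title, (xml, limit) in cases.items():
        print(f"{title}: {group_login_check(xml, limit)}")
```

Run this kind of check only on an assertion whose signature has already been verified against the IdP signing certificate from the metadata; attribute values from an unverified assertion prove nothing about group membership. The overage case is worth handling explicitly: for users in many groups the memberof claim simply never arrives, and the login failure looks identical to a misconfigured claim name.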