Integrating Multiple IDPs

Before completing the following procedures, configure Apache Web Server. See SSO Configuration Step 1 on the page SAML Single Sign-On Support for configuration instructions.

In some cases you may want to use different IDPs for your users, for example, if your users sign in to FileCloud from different platforms. 

Beginning with FileCloud version 20.1, you can configure up to six different IDPs (the default and five additional ones) for single sign-on (SSO). The configuration assigns an email domain to each IDP, and chooses which IDP to apply depending on the domain of the sign-in email address.

To configure multiple IDPs

  1. Set up SSO, and configure your default IDP according to the instructions in SAML Single Sign-On Support. The Idp Configured on this UI is the default Identity Provider.
  2. Rename the file idpconfig-sample.php to idpconfig.php in: 
    • Windows: xampp/htdocs/config

    • Linux: /var/www/config

  3. Open idpconfig.php.
  4. Use the help comments in idpconfig.php to set the configuration parameter values for each IDP. If something is not applicable leave it empty.
    You can configure up to 5 IDPs  in idpconfig.php. Attach the suffix _1, _2 , _3, _4, or _5 to the parameters for each one so that the system knows which IDP they refer to. 
    Please Note that any email domains not added as part of TONIDOCLOUD_SAML_EMAIL_DOMAINS_1,TONIDOCLOUD_SAML_EMAIL_DOMAINS_2, TONIDOCLOUD_SAML_EMAIL_DOMAINS_3, TONIDOCLOUD_SAML_EMAIL_DOMAINS_4, TONIDOCLOUD_SAML_EMAIL_DOMAINS_5 will automatically be considered to be part of the default Identity Provider configured through the admin UI - Settings - SSO
  5. Open cloudconfig.php at

    • Windows: xampp/htdocs/config/cloudconfig.php

    • Linux: /var/www/config/cloudconfig.php

  6. Add the following, and include up to five domains: These domains are the domains for the email address.

    for example: define("TONIDOCLOUD_SAML_DOMAINS_ALLOWED",",,");

    The domains are associated with the values for TONIDOCLOUD_SAML_EMAIL_PARAM_1, TONIDOCLOUD_SAML_EMAIL_PARAM_2, TONIDOCLOUD_SAML_EMAIL_PARAM_3, and so on in idpconfig.php.

  7. Users must sign in with their email addresses so FileCloud can determine which IDP they are using.

For IDP initiated single sign-on, the IDP url, which is the entityID, must be passed as a query string parameter to the relay state URL.

For example: 

To configure custom error messages for each IDP

With this functionality, you have the ability to configure custom SAML/SSO invalid sign-in messages for each IDP. 

  1. Open 

    • Windows: xampp/htdocs/config

    • Linux: /var/www/config

  2. Add the following:

    define("TONIDOCLOUD_SAML_ERROR_MSG_n", "<error message>");
    where n is the number of the IDP configured in idpconfig that the error message applies to. 
    For example:
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
            <title>FileCloud SSO Authorization Page</title>
        <link rel="stylesheet" href="bootstrap.min.css">  
        <div class="container">
    	<h2 align="center"> <img src="../core/getcustomimage?type=login"></img></h2>
            <h2 align="center"><u>Single Sign-on Login</u></h2>
            <p align="center">Failed to login automatically via SAML Single Sign-on (SSO). <br/>Please return to the main login page and login normally. </p>
            <div align ="center">
            <A HREF="/" class="btn btn-primary btn-sm" role="button">Back to Login</A>
  3. The value you enter for <error message> appears when your screen displays the SSO Error Message in the SAML Settings for the corresponding IDP.

    For more information, see 3. Configure Idp settings in FileCloud on the help page SAML Single Sign-On Support.

To allow duplicate user names for different domains

FileCloud will not create users with the same usernames from the SSO sign-in screen. However, in multiple IDP scenario, there may be a situation where email prefix might be the same for 2 users even though their email address is different. In this case, FileCloud will convert the email prefix to username, which will fail. You must use the following setting to overcome this problem.

  1. Open cloudconfig.php at
    .Integrating Multiple IDPs v2V
    • Windows: xampp/htdocs/config/cloudconfig.php

    • Linux: /var/www/config/cloudconfig.php

  2. Add the following and save:


    If you create a a user with the user name jocelynp and email, FileCloud creates a user with the user name jocelynp.
    Next, if you attempt to create a user with the user name jocelynp and email, FileCloud creates a user with the user name

To configure custom settings for automatic account creation for each IDP

Beginning in FileCloud version 20.1, you have the ability to configure custom automatic account creation settings for each IDP.

  1. Open 

    • Windows: xampp/htdocs/config

    • Linux: /var/www/config

  2. Add code such as the following, which enables new account to be created during login and automatically approved with Full User permissions. The code below configures settings for domain 1 because parameters are suffixed with _1. See To configure multiple IDPs, above for information about adding suffixes to IDP parameters.

    /* Allow new account to be created during the login process, when authenticated through this IDP
    allowed values FALSE or TRUE */
    Set Status of new accounts created automatically when authenticated through this IDP
    0 - No Automatic approval, Admin has to approve account
    1 - Automatically approve new accounts to Full User
    2 - Automatically approve new accounts to Guest User
    3 - Automatically approve new accounts to External User

Note: Configure the settings for the main IDP in the Admin user interface in Settings > SSO. See 3. Configure Idp settings in FileCloud on the help page SAML Single Sign-On Support. for instructions.