Auth0 SSO
Files.com supports Single Sign-On with Auth0 using either SAML or OpenID Connect. We recommend opting for SAML whenever possible, as it is a more robust integration technology that accommodates a broader range of use cases. Both sets of instructions are provided here.
Adding Files.com in Auth0 via OpenID Connect
After logging in to your Auth0 account as an administrator, navigate to Applications and click the Create Application button.
Click to select the Regular Web Applications application type, and click the Create button.
Click the Settings tab of the newly created application, and enter the URL https://app.files.com/login_from_oauth?provider=auth0 in the Allowed Callback URLs field.
Click the Save Changes button to apply the change. Next, click the copy icon next to the Client ID to copy it. Keep this browser tab open, as you'll be returning here to copy the Client Secret later.
Adding Auth0 in Files.com via OpenID Connect
Log in to your Files.com account as a site administrator. Type "SSO Providers" in the search box at the top of every page, then click the matching result. Scroll to the SSO Providers section, and click the Add provider button. Click to select the Auth0 provider.
In the Add provider form, enter your Auth0 subdomain into the Subdomain field, and paste the Client ID you copied in the previous step into the Client ID field.
Back in Auth0, click the copy icon next to the Client Secret to copy it, and paste it into the Client secret field in Files.com. Lastly, click the Save button to apply the change.
The Auth0 SSO method will now be available when assigning an authentication method for a user in Files.com, and the Sign in with Auth0 button will be displayed on your site's login page.
Adding Files.com in Auth0 via SAML
After logging in to your Auth0 account as an administrator, navigate to Dashboard -> Applications -> Applications and select Create Application.
Select the option for Regular Web Application, provide your application with a name, and click on Create.
Next, navigate to Addons and enable the SAML2 Web Application toggle. Navigate to Addon: SAML2 Web App -> Settings, enter https://app.files.com/saml/consume for the Application Callback URL, then scroll to the bottom of this window and press Enable.
Next, navigate to Addon: SAML2 Web App -> Usage, and click to download the Identity Provider Metadata. This file will be used to connect to your Files.com site.
Adding Auth0 in Files.com via SAML
Type "SSO Providers" in the search box at the top of every page, and then click on the matching result. Click the Add provider button. Click to select the Auth0 provider.
In the Add provider form, select the Use SAML option, and under Connect to SAML provider via, select Metadata XML file, and upload the XML file you had downloaded for the Identity Provider Metadata via Auth0.
Lastly, click the Save button to apply the change.
The Auth0 SSO method will now be available when assigning an authentication method for a user in Files.com, and the Sign in with Auth0 button will be displayed on your site's login page.
It is strongly recommended to keep at least one site administrator with the password option as the authentication method, rather than assigning all to SSO, to prevent being locked out of Files.com in case of IdP or SSO issues.
Provisioning Users Automatically
There are 2 primary methods for automatically provisioning users through Auth0: SCIM provisioning and Just-In-Time (JIT) provisioning. SCIM provisioning involves the systematic synchronization of user data between your identity provider and Files.com, ensuring consistent and up-to-date user records. On the other hand, Just-In-Time (JIT) provisioning operates by creating user records on Files.com at the moment of their initial successful login, offering a more immediate approach. These two mechanisms provide flexibility in managing user provisioning based on your specific requirements and preferences within the Auth0 environment.
SCIM Provisioning
SCIM Provisioning is a standard that allows your Users to be automatically provisioned in Files.com from Auth0. Note that SCIM provisioning only works with SAML-based integration with Auth0.
Input the following settings into Auth0 for SCIM:
Field | Value |
---|---|
SCIM connector base URL | https://app.files.com/api/scim |
Authentication Mode | Basic Auth |
Basic Auth Username and Password | Enter a username and password of your choice |
The username and password entered for Basic Auth will also need to be added as the SCIM username and password in Files.com in the settings for your Auth0 SSO Provider. Type "SSO Providers" in the search box at the top of every page and then click on the matching result. Locate your Auth0 provider entry and edit the settings to set Enable automatic user provisioning via SCIM? to Basic in Files.com.
After setting the above, your Auth0 users assigned to the Files.com application in Auth0 will be provisioned to Files.com and should be able to log in to Files.com via SSO.
Just-In-Time (JIT) Provisioning
JIT Provisioning operates by generating user records on Files.com upon their initial successful login. While this method is simpler than SCIM, it does have limitations. For instance, JIT can provision users but lacks the ability to delete or disable them. Files.com will automatically use Just-In-Time (JIT) Provisioning if you don't set up SCIM.
IdP-Initiated Single Sign On (SSO)
The typical login process for SSO on Files.com involves the user navigating to your Files.com site and then clicking a button to be redirected to Auth0. This is the most secure process and is the process that we primarily recommend.
In certain application or enterprise scenarios, it is sometimes preferred to have the SSO process begin at Auth0 (the identity provider, or "IdP"). For example, you might set up an Auth0-based portal and then allow users to navigate to Files.com from there.
IdP-Initiated flows carry a security risk and are therefore not recommended; however, they are supported. Make sure you understand the risks before enabling IdP-Initiated SSO. Auth0 has a guide for setting up IdP-Initiated SSO.
First, ensure your connection between Auth0 and Files.com is set up as SAML as opposed to OpenID Connect. Then, follow the directions in the Auth0 guide and select SAML as the Response Protocol for the connection.
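A commonly cited risk of IdP-Initiated SAML is that the response is unsolicited: it carries no InResponseTo value, so a service provider cannot tie it to a login request it issued and must rely on assertion replay tracking alone. The sketch below is an added illustration of that difference, not Files.com or Auth0 code. The class and helper names are hypothetical, the sample responses are constructed, and signature, audience and validity-window checks are assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


class ResponseGate:
    """Decides whether a (already signature-verified) SAML Response is acceptable."""

    def __init__(self, allow_idp_initiated):
        self.allow_idp_initiated = allow_idp_initiated
        self.pending = set()          # IDs of AuthnRequests this SP has sent
        self.seen_assertions = set()  # assertion IDs already accepted once

    def check(self, response_xml):
        root = ET.fromstring(response_xml)
        assertion = root.find("saml:Assertion", NS)
        if assertion is None or not assertion.get("ID"):
            raise ValueError("response carries no identifiable assertion")
        assertion_id = assertion.get("ID")
        if assertion_id in self.seen_assertions:
            raise ValueError("replayed assertion")
        in_response_to = root.get("InResponseTo")
        if in_response_to is None:
            # Unsolicited: nothing binds this response to a browser session.
            if not self.allow_idp_initiated:
                raise ValueError("unsolicited (IdP-initiated) response rejected")
            kind = "idp-initiated"
        elif in_response_to in self.pending:
            self.pending.remove(in_response_to)  # each request ID is single-use
            kind = "sp-initiated"
        else:
            raise ValueError("InResponseTo matches no outstanding request")
        self.seen_assertions.add(assertion_id)
        return kind


def sample_response(assertion_id, in_response_to=None):
    """Build a constructed, unsigned SAML Response skeleton for the demo."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
            f'xmlns:saml="{NS["saml"]}" ID="_resp"{attr}>'
            f'<saml:Assertion ID="{assertion_id}"/></samlp:Response>')
```

With `allow_idp_initiated=False` the gate accepts only responses that answer an outstanding request, which is the property the SP-initiated flow provides and the IdP-Initiated flow gives up.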