SAML (Any Provider)

Files.com securely supports the Service Provider (SP) initiated Single Sign-On (SSO) flow and integrates with the most popular SSO providers. If your identity provider is not listed by name in our list of supported SSO providers, you can use our generic SAML Service Provider application to connect your IdP with Files.com.

Some examples of identity providers where you can use our SAML application are: Ping Identity, Cloudflare SSO, Cisco Duo Security SSO, Google Workspace SSO, IBM Security Verify, Rippling SSO, etc. We are able to work with any SSO provider that is SAML 2.0 compliant.

SAML Overview

Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties (for example, between an identity provider and a service provider).

The SAML specification outlines three key roles within its framework. First is the Principal, typically representing a user, although in certain instances, it may also denote a system or application. The second role is the IdP, or Identity Provider, which refers to the entity responsible for managing and authenticating user identities. Popular examples of IdPs include Ping Identity and Cloudflare SSO. The third role is called the SP, or Service Provider, and in this case it means the Files.com application. These roles serve as the building blocks of the SAML protocol, defining how users, identity providers (such as Ping Identity or Cloudflare SSO), and service providers (like Files.com) interact and specifying the responsibilities of each.

Configure SAML Application

To connect the Files.com SAML application to your identity provider, you need the information below. Users must already exist in Files.com before they can log in with SAML. Configure your identity provider first, and then configure the Files.com application.

Configure Your Identity Provider

The first step is to set up a connection for Files.com SSO with your IdP. You need the information below to configure the SAML application in your IdP.

| Field | Value |
| --- | --- |
| Single Sign On URL / Assertion Consumer Service URL / ACS URL / Service Provider SSO URL / SP SSO URL | https://app.files.com/saml/consume |
| Audience URI / SP Entity ID / SP URL / Provider ID / Metadata URL | https://app.files.com/saml/metadata |
| Default RelayState (optional) | [SUBDOMAIN].files.com (Replace [SUBDOMAIN] with your Files.com subdomain) |
| Name ID format | EmailAddress |
| Application username | Email |

Once you have configured the SAML application in your IdP with the above information, you will get access to a Metadata file and/or a Metadata URL from your IdP that you will need for the next step. SAML metadata is an XML document that contains the information necessary for interaction with SAML-enabled identity or service providers, such as endpoint URLs, supported bindings, identifiers and public keys.

Configure Files.com SAML Application

Type "SSO Providers" in the search box at the top of every page and then click on the matching result. Click the Add provider button. Click to select SAML (Other Provider). If you have a Metadata URL or an XML file from your IdP, enter it into the form and click Save.

If you need to use Certificate Fingerprint to connect, get the Issuer URL, SLO endpoint and SSO endpoint from your IdP. Also, download the certificate from your IdP. Once the certificate is downloaded to your local machine, run the following command in a terminal to obtain the certificate's fingerprint:

openssl x509 -in [your_cert_file] -noout -sha256 -fingerprint

In Files.com, select the Certificate Fingerprint option and paste the fingerprint you obtained from the above command. Paste the Issuer URL you copied from your IdP. You can use the same URL for the SLO endpoint and for the SSO endpoint. Click on Save to save your configuration.

The generic SAML authentication method will now be available when assigning an authentication method for a user in Files.com, and the Sign in with SAML (Other Provider) button will be displayed on your site's login page. Note that single sign-on authentication can only be used with browser-based sessions or with the Files.com Desktop App.

It is strongly recommended to keep at least one site administrator with the password option as the authentication method, rather than assigning all to SSO, to prevent being locked out of Files.com in case of IdP or SSO issues.

SCIM Provisioning

Files.com supports SCIM provisioning and is designed to integrate seamlessly with popular identity providers with SAML based integrations, as well as with generic SAML integration if your IdP supports SCIM provisioning. Visit the SCIM Provisioning page for more details.
