Identity Provider (IdP) Integration

FileWave Identity Provider (IdP) Integration Overview

What

Identity Provider (IdP) integration can be key to meeting security requirements from your InfoSec team, and ease-of-use requirements for your customers. IdP solutions allow your customer to have only one set of credentials, and to use them anywhere.

FileWave currently supports 3 identity providers with version 14.6.x.

Only one instance of each IdP may be configured.

When/Why

If you currently use an IdP, you'll want to start here to understand the supported platforms and the instructions for setting up access.

How

Known Issue

At this time, FileWave IdP integration is limited to FileWave Admin authentication and Apple device enrollment. Directory data synchronization (and custom fields) between the IdP source and FileWave is not supported at this time, but will be added in a future release. In the meantime, current LDAP(S) synchronization can be used as a stopgap to achieve the same result.



IdP Setup: Microsoft Entra ID

What

Before we can use Microsoft Entra ID (formerly Azure AD) for authentication from FileWave, we must create a new application in the Azure Portal and give FileWave access to it. The whole purpose of this configuration is to give FileWave permission to talk to your Microsoft Entra ID environment.

When/Why

This configuration is required if you want to use Microsoft Entra ID (formerly Azure AD) for authentication during device enrollment or during login to the FileWave Web and Native administrator consoles.

How

The configuration for access is all driven through a Microsoft Entra ID application, so we need to start with:

Part 1: Log in to Microsoft Entra ID Portal

First, we'll log in to Microsoft Entra ID at portal.azure.com with an administrator's account and click on Microsoft Entra ID as shown:

AzureSetup1.png

And make note of the domain info shown below:

AzureSetup2.png

It is a good idea to take all of these elements and label/paste them into a document you store securely. Although we'll use them to configure FileWave, you can't access many of them from FileWave once they are stored.

Part 2: Create an App

Now we have to create an app for FileWave to talk to, and assign some rights to it. First go to the App registrations menu, then click "New registration":

AzureSetup3.png

Specify a name for your app that is meaningful to you, and Register the app (we'll set the login URIs later).

AzureSetup4.png

Part 3: Add a Platform and URI Addresses

Within the app configuration, we'll choose Authentication, then Add a Platform, of type Web: