SAML SSO For Business & Enterprise Accounts

An Introduction To SAML SSO
Security Assertion Markup Language (SAML) is an open standard that enables Single Sign-On (SSO). SAML and Single Sign-On are integral components of a robust enterprise cybersecurity strategy. They help the organization provide seamless access to required resources, services, and apps. They also centralize management, authentication, and transparency.
If your organization uses an Identity Provider (IdP), users from your organization can automatically log in to Filemail. We support SAML SSO functionality with major Identity Providers like Microsoft Entra (Azure AD) and Google Workspace. This ensures Filemail fits into your organization's current authentication system, thereby enabling file sharing compliant with your organization's policies.

How To Use SAML SSO With Filemail
Filemail provides SAML SSO in our Business and Enterprise Managed File Transfer plans. To set up SAML SSO in Filemail, you must be on a Business or Enterprise account and have administrator privileges. If you meet the requirements, follow the steps below.
- Sign in to the Filemail web app.
- Click your account name (top-right of the browser window), and go to Settings.
- In the menu on the right, near the bottom, select Single Sign-On.
- Specify your SSO Provider in the dropdown (Entra, Google Workspace).
- Enter the Tenant ID.
- Additionally, you can designate specific groups to use Filemail by specifying the Group ID.
For more detailed instructions, please check out the following articles in our help center:

What Is A Tenant ID?
A Tenant ID is the unique identifier assigned to your organization's identity on an Identity Provider's platform, such as Microsoft Entra (Azure Active Directory), Google Workspace, and similar. Part of the authentication process entails using the Tenant ID to verify that the person using a particular login credential is part of the organization's directory, and to validate the user's credentials if they are.
Specifically, in Filemail's case we use the Tenant ID to:
- Confirm the user belongs to your organization.
- Apply the correct security and access policies you have defined with the Identity Provider.
- Verify that the user belongs to a permitted group.
- Verify the user's credentials before granting access.

What Is SAML?
Security Assertion Markup Language (SAML) is a secure XML-based protocol that enables SSO. SAML allows a Service Provider and an Identity Provider to securely exchange authentication data.
In our case, it exchanges data between Filemail (the Service Provider) and an Identity Provider (either Entra or Google Workspace). This ensures only permitted users from your organization can access Filemail, without having to enter the same credentials again.

What is SSO?
Single Sign-On (SSO) is a user authentication protocol that permits a person to use the same login credentials for a variety of different services. Instead of having unique unrelated credentials for every service your organization uses, you use one credential, and are automatically logged into all related services.
SSO is a prevalent protocol provided and used by major tech organizations, such as Microsoft and Google. For example, when you log into one Google service manually, verifying yourself with your login credentials, all other Google services no longer prompt you for login credentials.

How does SAML SSO work?
- The user wants to log in to a particular service that uses SAML SSO.
- The service provider will redirect the user to an Identity Provider like Microsoft Entra or Google Workspace.
- The Identity Provider prompts the user to submit their credentials and may request additional verification, such as two-factor authentication.
- The Identity Provider authenticates the user and communicates, through SAML, to the Service Provider, that the authentication was successful.
- The Service Provider will acknowledge this, and will grant access to use their app or service.

Benefits of SSO
The benefits of SSO are especially evident in environments with many employees, who use a variety of integrated applications and services:
- Save time: no need to log in to a multitude of services and apps repeatedly.
- Fewer usernames and passwords to manage: resulting in reduced friction and a better user experience across multiple services.
- Reduce attack surface: fewer credentials reduce the opportunity for unscrupulous behaviour by hackers, phishers and scammers.
- Streamlined access: use a variety of apps and services with one authentication, removing the need to repeatedly log in to connected services.
- Widely supported in enterprise settings: organizations can utilize additional services, all centrally managed and governed by their internal cyber security posture.
- Centralized authentication and management: organizations can enforce transparency and compliance across a range of apps and services by managing users and a single set of credentials, and by accessing user logs, in one place.

Clients Ask, We Answer
1. User Attempts Access
A user attempts to access a service or application. The Service Provider (SP) does not authenticate the user directly. Instead, it initiates a SAML Request and redirects the user to the designated Identity Provider (IdP).
2. User Authentication by Identity Provider
The SAML Identity Provider authenticates the user based on your organization's defined security policies. This may include:
- Username and password
- Multi-Factor Authentication (MFA)
If the SAML authentication is successful, the Identity Provider generates a SAML response, referred to as an Assertion.
3. Assertion Sent to Service Provider
The SAML Assertion is a digitally signed XML document that confirms the user's identity and may include additional attributes. This Assertion is securely transmitted to the Service Provider.
4. Service Provider Validates the Assertion
The Service Provider verifies:
- The digital signature on the assertion, to ensure it's from a trusted Identity Provider.
- That the assertion hasn't expired.
- That the audience and recipient match the service.
- Optional conditions, such as group or role membership.
5. Access is Granted
If all validations pass, the user is granted access to the requested service or application, without needing to log in again.
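The non-cryptographic checks from step 4, as an added example that is not Filemail's code: it validates the time window, audience, recipient and an optional group condition on an assertion. It assumes the signature has already been verified with a vetted XML-signature library; the entity ID, ACS URL, `groups` attribute name and 60-second clock skew are constructed values for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SKEW = timedelta(seconds=60)   # assumed clock-skew allowance
GROUP_ATTR = "groups"          # assumed attribute name; IdPs differ

# Constructed sample assertion (signature element omitted for brevity).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1">
  <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://sp.example/acs"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example/metadata</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="groups">
    <saml:AttributeValue>group-id-1</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values ending in "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, now, audience, acs_url, allowed_groups=None):
    """Return the list of failed checks (empty means all conditions pass).
    xml_text must be the exact, already signature-verified Assertion element."""
    a = ET.fromstring(xml_text)
    errors = []
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return ["missing Conditions"]
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now + SKEW < _ts(nb):
        errors.append("not yet valid")
    if not noa or now - SKEW >= _ts(noa):   # no expiry is treated as a failure
        errors.append("expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        errors.append("audience mismatch")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        errors.append("recipient mismatch")
    if allowed_groups is not None:
        path = f"saml:AttributeStatement/saml:Attribute[@Name='{GROUP_ATTR}']/saml:AttributeValue"
        groups = {v.text for v in a.findall(path, NS)}
        if not groups & set(allowed_groups):
            errors.append("no permitted group")
    return errors
```

A Service Provider should reject the login if the returned list is non-empty, and should also track assertion IDs to refuse replays within the validity window.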
SSO (Single Sign-On) is a concept, a method of authenticating a user once to grant them access to multiple services and apps, without requiring additional logins.
SAML (Security Assertion Markup Language) is a secure open standard that defines how to authenticate users and securely exchange data between a Service Provider and an Identity Provider in order to implement SSO.
A simple way to understand the difference: SAML is just one way to implement SSO. Other widely adopted protocols that enable SSO functionality include OAuth 2.0 and OpenID Connect (OIDC). SAML is typically used for enterprise-grade SSO with services like Box, Salesforce, and Filemail, where it is widely adopted across business-critical applications.
Filemail's SAML SSO integration is available on our Business and Enterprise accounts.
As part of our robust cloud security posture, we also provide end-to-end encryption and password protection to protect your large file transfers.