SECURITY Administrators
NAVIGATION Configuration > Single Sign-On
This page allows you to configure and enable or disable single sign-on (SSO) for users.
The SSO feature provides an additional method for accessing File Protection Online. This, in turn, allows users to access their backups from any device without the need to first install File Protection Desktop. Users simply login to their IdP (Identity Provider) and the SAML 2.0 protocol is used to authenticate access to File Protection Online.
NOTE For more information on the advantages of SSO, please refer to What are the benefits of using the single sign-on (SSO) feature? in our FAQs area.
Requirements
To enable the SSO feature, the following requirements must be met:
- You must be a File protection user with Administrator permissions.
- You must have an administrator account in the IdP.
- The users that will utilize this feature must have accounts within and the IdP, and their email addresses for both must match.
If your IdP is not listed, use the information shown in the File Protection Online Single Sign-On tab to create a metadata XML file or URL from within your IdP. Please refer to your IdP's help for instructions on how to configure the application within their environment.
How to...
Configure single sign-on
Implementing this integration requires setup from within both and the IdP.
While the applications make it easy to set up the integration, you can use other IdPs. Simply use the information shown in the File Protection Online SSO tab to create a metadata file within your IdP, then import the resulting .xml file into File Protection Online.
The initial steps are taken within the IdP, and has created Applications within the following IdPs to make the process as easy as possible:
- Microsoft Entra ID (formerly Azure)
Implementation instructions: Click here.
- Okta
Implementation instructions: Single sign-on integration for Okta.
Configure the subdomain
When configuring the IdP, a subdomain will need to be specified. To confirm the correct subdomain, access File Protection Online for any device in the team. In File Protection Online, make note of the subdomain in the URL.
The subdomain is the part between the "https://" and ".fileprotection.datto.com/" and should be us, eu, ca, or au.
Activate single sign-on
Using the XML file or URL from the IdP, the final step is to activate the feature within File Protection Online.
- Go to Configuration > Single Sign-On.
- Enter the Metadata URL
or
Select the XML Metadata File option, then click Choose File and upload the XML metadata file provided by your IdP. - Click Enable SSO.
- Select the I confirm this information is correct and I trust this IdP check box.
- Click Approve.
Change your SSO configuration
- Click Configure Settings.
- Change the Metadata URL or XML Metadata File settings as desired.
- Click Save Settings.
- Select the I confirm this information is correct and I trust this IdP check box.
- Click Approve.
Enable or disable single sign-on
Toggle the Enable SSO/Disable SSO button on the Single Sign-On configuration page.
Report on SSO activity
Once enabled, the SSO tab will display an event log of SSO related activities on your team. These events will also be shown on theReports tab.
Accessing File Protection Online via single sign-on
Once the integration is enabled, users will be able to access File Protection Online via the application within the IdP interface. The specific steps will depend on your IdP.