SafeNet Trusted Access for MyWorkDrive

Overview

The application template provides the ability to enable single sign-on for users accessing the MyWorkDrive application through SafeNet Trusted Access.

The following use cases can be configured for MyWorkDrive:

SP-initiated SSO

IdP-initiated SSO

Single logout

Configuring SafeNet Trusted Access for MyWorkDrive is a three-step process:

1. MyWorkDrive setup

2. SafeNet Trusted Access setup

3. Verify authentication

MyWorkDrive Setup

Prerequisites:

MyWorkDrive server v5.2 is installed and configured.

A public SSL certificate is used for the MyWorkDrive client site.

Note:  The *.myworkdrive.net domain does not support SAML.

Download the Identity Provider signing certificate from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. You will need this certificate in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your identity provider in MyWorkDrive:

1. Log in to MyWorkDrive as an administrator.

2. On the admin dashboard, in the left pane, click ENTERPRISE.

3. In the right pane, under ENTERPRISE, enable SAML/ADFS SSO.

4. Under SAML/ADFS SSO, perform the following steps:

a. In the drop-down list, select Manual SAML.

b. Enable Require SSO Login.

c. Enable Enable Single Logout.

d. Click Save.

5. On the MyWorkDrive server, go to C:\Wanpath\WanPath.Data\Settings\Certificates and perform the following steps:

a. Copy the Identity Provider certificate file that you downloaded earlier from the SafeNet Trusted Access console and paste it into the current folder.

b. Open the mwd.cer (DER encoded binary X.509) certificate in Crypto Shell Extensions and export it to Base-64 encoded X.509 (.cer) format. Save the certificate on your local machine. You will need this certificate while configuring MyWorkDrive in SafeNet Trusted Access.

6. Open the saml.config file (C:\Wanpath\WanPath.Data\Settings\saml.config) in a text editor and perform the following steps:

a. Locate the <ServiceProvider> tag and, in the Name parameter, ensure that the value is MyWorkDrive. This value acts as the MyWorkDrive Entity ID.

b. In the same <ServiceProvider> tag, in the LocalCertificateFile parameter, ensure that the value is C:\Wanpath\WanPath.Data\Settings\Certificates\mwd.pfx.

c. Locate the <PartnerIdentityProviders> tag, add the following line, and set the parameter values for your configuration:

<PartnerIdentityProvider Name="<IDP Entity ID>" Description="<IDP Name>" SignAuthnRequest="true" SignLogoutRequest="true" SingleSignOnServiceUrl="<IDP ACS URL>" SingleLogoutServiceUrl="<IDP SLO URL>" PartnerCertificateFile="<IDP X.509 certificate path>"/>

For example,

<PartnerIdentityProvider Name="<Your SafeNet IDP Issuer/Entity ID URL>" Description="SafeNet IDP" SignAuthnRequest="true" SignLogoutRequest="true" SingleSignOnServiceUrl="<Your SafeNet IDP Single Sign-On Service URL>" SingleLogoutServiceUrl="<Your SafeNet IDP Single Sign-On Service URL>" PartnerCertificateFile="C:\Wanpath\WanPath.Data\Settings\Certificates\idpcertificate.crt"/>

Where,

<IDP Entity ID> is the Issuer/Entity ID URL that is provided on the SafeNet Trusted Access console. You can copy this URL by clicking the Copy to Clipboard icon available next to the Issuer/Entity ID field.

<IDP Name> is the name of the Identity provider. For example, SafeNet IDP

<IDP ACS URL> and <IDP SLO URL> are the SingleSignOnService URL that is provided on the SafeNet Trusted Access console. You can copy this URL by clicking the Copy to Clipboard icon available next to the SingleSignOnService field.

<IDP X.509 certificate path> is the location of the Identity Provider certificate that you copied earlier in Step 5. For example, C:\Wanpath\WanPath.Data\Settings\Certificates\idpcertificate.crt

7. Save and close the saml.config file.
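
A check for the saml.config values set in Step 6, as an added example (not MyWorkDrive or SafeNet code). The function name Test-MwdSamlConfig, the <SAMLConfiguration> root element and the idp.example.test URLs are assumptions; the sample file is constructed and contains three deliberate mistakes.

```powershell
# Added example. Constructed sample: root element and idp.example.test URLs are assumptions.
# Deliberate mistakes: SignLogoutRequest, the SLO URL, and a trailing space in the cert path.
$sample = @'
<SAMLConfiguration>
  <ServiceProvider Name="MyWorkDrive"
      LocalCertificateFile="C:\Wanpath\WanPath.Data\Settings\Certificates\mwd.pfx" />
  <PartnerIdentityProviders>
    <PartnerIdentityProvider Name="https://idp.example.test/entity" Description="SafeNet IDP"
        SignAuthnRequest="true" SignLogoutRequest="false"
        SingleSignOnServiceUrl="https://idp.example.test/sso"
        SingleLogoutServiceUrl="https://idp.example.test/slo"
        PartnerCertificateFile="C:\Wanpath\WanPath.Data\Settings\Certificates\idpcertificate.crt " />
  </PartnerIdentityProviders>
</SAMLConfiguration>
'@

function Test-MwdSamlConfig {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Text)
    $certDir = 'C:\Wanpath\WanPath.Data\Settings\Certificates'
    $doc = New-Object System.Xml.XmlDocument
    # Curly quotes or an unreplaced <placeholder> inside an attribute value fail here.
    try { $doc.LoadXml($Text) } catch { return "Not well-formed XML: $($_.Exception.Message)" }
    $issues = @()
    # local-name() matches whether or not the file declares a default namespace.
    $sp = $doc.SelectSingleNode("//*[local-name()='ServiceProvider']")
    if (-not $sp) { return 'No <ServiceProvider> element found' }
    if ($sp.GetAttribute('Name') -cne 'MyWorkDrive') { $issues += 'ServiceProvider Name is not MyWorkDrive' }
    if ($sp.GetAttribute('LocalCertificateFile') -ne "$certDir\mwd.pfx") {
        $issues += "LocalCertificateFile is not $certDir\mwd.pfx" }
    $idps = $doc.SelectNodes("//*[local-name()='PartnerIdentityProvider']")
    if ($idps.Count -eq 0) { $issues += 'No <PartnerIdentityProvider> entry' }
    foreach ($idp in $idps) {
        foreach ($flag in 'SignAuthnRequest', 'SignLogoutRequest') {
            if ($idp.GetAttribute($flag) -ne 'true') { $issues += "$flag is not true" } }
        $sso = $idp.GetAttribute('SingleSignOnServiceUrl')
        $slo = $idp.GetAttribute('SingleLogoutServiceUrl')
        if (-not [uri]::IsWellFormedUriString($sso, [System.UriKind]::Absolute)) {
            $issues += "SingleSignOnServiceUrl is not an absolute URL: '$sso'" }
        # This guide uses the SingleSignOnService URL for both attributes.
        if ($slo -ne $sso) { $issues += 'SingleLogoutServiceUrl differs from SingleSignOnServiceUrl' }
        $cert = $idp.GetAttribute('PartnerCertificateFile')
        if ($cert -ne $cert.Trim()) { $issues += 'PartnerCertificateFile has stray whitespace' }
        if (-not $cert.Trim().StartsWith("$certDir\", 'OrdinalIgnoreCase')) {
            $issues += "PartnerCertificateFile is not under $certDir" }
    }
    $issues
}

Test-MwdSamlConfig -Text $sample
```

To check the real file, pass `(Get-Content C:\Wanpath\WanPath.Data\Settings\saml.config -Raw)` as `-Text`.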

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in MyWorkDrive, the second step is to activate the MyWorkDrive application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the MyWorkDrive application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, MyWorkDrive) and proceed to the next step.

2. Under STA Setup, perform the following steps:

a. Under Account Details, in the FULLY QUALIFIED DOMAIN NAME field, enter the fully qualified domain name that is bound to your MyWorkDrive client site.

For example, https://win-691j0c8s041.testgem.com

b. Under SAML Certificates, under Signing Certificate, click Upload Certificate to upload the certificate that you saved in Step 5(b) of MyWorkDrive Setup.

c. Under SAML Certificates, under Encryption Certificate, click Upload Certificate to upload the certificate that you saved in Step 5(b) of MyWorkDrive Setup.

3. Under User Login ID Mapping, in the NAME ID field, ensure that Email Address is selected.

4. Click Save Configuration to save the details and activate the MyWorkDrive application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the MyWorkDrive Client site URL, <Fully Qualified Domain Name>/Account/Login-SAML.aspx, where <Fully Qualified Domain Name> is the fully qualified domain name that is bound to your MyWorkDrive Client site.

For example, https://win-691j0c8s041.testgem.com/Account/Login-SAML.aspx

You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the MyWorkDrive Client Site Dashboard after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the MyWorkDrive application icon. You should be successfully logged in to the MyWorkDrive Client Site Dashboard after authentication.

 

© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.