Online Help

SafeNet Trusted Access for kiteworks

Overview

The application template provides the ability to enable single sign-on for users accessing the kiteworks application through SafeNet Trusted Access.

The following use cases can be configured for kiteworks:

SP-initiated SSO

IdP-initiated SSO

Just-in-time (JIT) provisioning

Configuring SafeNet Trusted Access for kiteworks is a three-step process:

1.kiteworks setup

2.SafeNet Trusted Access setup

3.Verify authentication

kiteworks Setup

As a prerequisite, download the Identity Provider signing certificate from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. You will need this certificate in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your identity provider in kiteworks:

1.Log in to kiteworks as an administrator using the admin dashboard URL (for example, https://thalesgroup1.kiteworks.com/admin) provided by the kiteworks support team.

2.On the kiteworks dashboard, at the top, click the kiteworks icon ,

3.In the left pane, under Application, click Authentication and Authorization.

4.In the left pane Under Authentication and Authorization, click SSO Setup.

5.Under SSO Setup, perform the following steps:

a.In the SSO field, select the Setup SSO with SAML 2.0 option.

b.Select Initiate AuthnRequest.

c.In the IDP Entity ID field, enter the ISSUER/ENTITY ID URL that is provided on the SafeNet Trusted Access console.

You can copy this URL by clicking the Copy to Clipboard icon available next to the ISSUER/ENTITY ID field.

d.In the Service Provider Entity ID field, enter an entity ID (for example, kiteworks) for kiteworks.

e.In the Single Sign-On Service URL field, enter the SINGLESIGNONSERVICE URL that is available on the SafeNet Trusted Access console.

You can copy this URL by clicking the Copy to Clipboard icon available next to the SINGLESIGNONSERVICE field.

f.Select Sign AuthNRequest.

g.In a text editor, open the IdP certificate that you downloaded earlier from the SafeNet Trusted Access console and copy the entire text.

h.In the RSA Public Key Certificate field, paste the entire certificate text that you copied in the previous step.

i.In the NameIDPolicy Format field, ensure that unspecified is selected.

j.Click Download Service Provider Metadata to download the metadata and save it in your machine.

k.Click Save.

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in kiteworks, the second step is to activate the kiteworks application in SafeNet Trusted Access by performing the following steps:

1.In the Applications pane, the kiteworks application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, kiteworks) and proceed to the next step.

2.Under STA Setup, click Upload kiteworks Metadata.

3.On the Metadata upload window, click Browse to search and select the kiteworks metadata that you downloaded earlier in Step 4(j) of kiteworks setup.

Under Account Details, the service provider metadata information is displayed.

4.Click Save Configuration to save the details and activate the kiteworks application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the kiteworks service login URL (for example, https://thalesgroup1.kiteworks.com), click on the Login via the external SSO provider link.

You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the kiteworks user dashboard after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the kiteworks application icon. You should be successfully logged in to the kiteworks user dashboard after authentication.

 

© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.