Related Links

Single-Sign-on

If your question is not addressed below, contact us through our and we will get back to you shortly.
faq What is Single Sign-on?
faq What are the supported features in IDrive® e2 SSO?
faq How do I set up Single Sign-On (SSO) with IDrive® e2?
faq How do I configure my IDrive® e2 account for SSO?
faq Can I configure my own identity provider for SSO?
faq How can I enable SSO for users?
faq How do I disable SSO for users?
faq How do I delete an SSO profile?
faq How do I generate the SCIM provisioning token for SSO to sync contacts from IdP?
faq How to login via SP-initiated SSO?
faq How to login via IdP-initiated SSO?
faq Can I use IdPs like OneLogin, Okta, etc. to configure Single Sign-On?

What is Single Sign-on?

Single Sign-on (SSO) is a one-step user authentication process. If you are the admin of an IDrive® e2 account, you can enable your users to access IDrive® e2 by signing in to a central identity provider.

You can use any IdP of your choice to process all user authentications. This simplifies the sign-in experience by allowing users to login to multiple systems with just one set of credentials.

What are the supported features in IDrive® e2 SSO?

IDrive® e2 currently supports the following features for SSO:

  • SP-initiated SSO
  • IdP-initiated SSO
  • SCIM User provisioning

How do I set up Single Sign-On (SSO) with IDrive® e2?

As an admin, you can enable your users to access IDrive® e2 by signing in to a central identity provider. To set up SSO with IDrive® e2, you need first to configure your identity provider and then configure SSO in IDrive® e2.

How do I configure my IDrive® e2 account for SSO?

To configure SSO,

  1. Sign in to IDrive® e2 with your email address and password.
  2. Navigate to the 'Dashboard' > 'Settings' > 'Single Sign-On (SSO)''.
  3. Enter a name for your SSO profile.
  4. Enter the Issuer URL and SSO Endpoint.
  5. Upload the X.509 certificate received from your IDP.
    Note: X.509 certificate should only be in .pem, .txt, .cer, and .cert format.
  6. Click 'Configure Single Sign-On'.

You will receive an email when SSO is enabled.

Can I configure my own identity provider for SSO?

Yes, you can configure your own identity provider for SSO along with a set of parameters as described below:

  • IDrive® e2 uses SAML 2.0 with the HTTP Redirect binding for IDrive® e2 to IdP and expects the HTTP Post binding for IdP to IDrive® e2.
  • While configuring with SAML, use the two following URLs and save the changes.
    1. Single sign on URL: https://api.idrivee2.com/api/sso/samlassert
    2. Audience URL (SP Entity ID): https://api.idrivee2.com/api/sso/metadata.xml
  • Your identity provider may ask whether you want to sign the SAML assertion, the SAML response, or both. IDrive® e2 requires the SAML response to be signed.

You can choose a signed or unsigned SAML assertion.

How can I enable SSO for users?

Admin of the IDrive® e2 account can enable SSO while inviting users. Alternatively, the admin can enable SSO for the existing users.

To enable SSO for new users,

  1. Sign in to IDrive® e2 with your email address and password.
  2. Go to 'Users' > 'Invite User'.
  3. Enter the email addresses of the users you want to invite. You can invite a maximum of 10 users at a time.
    Note: An invite will be sent to these email addresses for creating an account.
  4. Select the 'Make as admin' checkbox to grant users administrative privileges. All users with admin permissions can manage buckets, access keys, and users
  5. Select the 'Enable SSO' checkbox.
    Note: If you select the checkbox, you won't be able to set the password.
  6. Select access permission for the users i.e. 'Read and write', Read only', or 'Upload only'.
  7. Allow access to all buckets or select the buckets to allow access.
  8. Click 'Invite User'.

To enable SSO for existing users,

  1. Sign in to IDrive® e2 and go to 'Users'.
  2. Hover on the user you want to enable SSO, and click .
  3. Select the 'Enable SSO' checkbox.
  4. Click 'Save'.

How do I disable SSO for users?

To disable SSO for users,

  1. Sign in to IDrive® e2 and the 'Users'.
  2. Hover on the user you want to edit and click .
  3. Deselect the 'Enable SSO' checkbox.
  4. Click 'Save'.

A user will be intimated by an email informing that SSO for their account has been disabled. Now they must sign in to IDrive® e2 using their email address and password.

How do I delete an SSO profile?

To delete an SSO profile,

  1. Sign in to IDrive® e2.
  2. Navigate to the 'Dashboard' > 'Settings' > 'Single Sign-On (SSO)'.
  3. Click corresponding to the SSO profile you wish to delete.

How do I generate the SCIM provisioning token for SSO to sync contacts from IdP?

To generate a token for syncing contacts,

  1. Sign in to IDrive® e2 via a web browser.
  2. Navigate to the 'Dashboard' > 'Settings' > 'Single Sign-On (SSO)''.
  3. In the SSO section, click the 'Generate Token' button under 'Sync users from your identity provider' to generate a token.
  4. Click the 'Copy Token' button to copy and save the token for future reference.
    The token will be required to sync all the users linked with your IdP to your IDrive® e2 account.
  5. Configure the following SCIM User provisioning URL in your IdP:
    https://api.idrivee2.com/api/sso/user_provisioning

How to login via SP-initiated SSO?

To login via SP-initiated SSO,

  1. Go to IDrive® e2 sign in and click Sign in to SSO account.
    Alternatively you can go to https://app.idrivee2.com/sso/login.
  2. Enter your email address and click Sign in.

How to login via IdP-initiated SSO?

To login via IdP-initiated SSO, you must log in to your IdP dashboard and select IDrive® e2.

Can I use IdPs like OneLogin, Okta, etc. to configure Single Sign-On?

Yes, you can use Identity Providers (IdPs) like OneLogin and Okta to configure Single Sign-On (SSO).