Lets get those seamless logons one step further!
There is a very good article on how to set up Citrix ShareFile with AD FS 3.0 for Integrated Windows Authentication for WebApp by Jason Samuel. To do this you will need:
- ShareFile Enterprise account
- Identity Provider (IdP), preferably AD FS 3.0
Once we have that SSO solution in place, we can easily take it one step further and apply this to ShareFile client applications as well. In this tutorial we will look into implementing Integrated Windows Authentication for ShareFile Sync and Drive Mapper.
Both applications come with Administrative templates that we can deploy via GPO. After the apps are installed, those templates can be found in:
- Sync – ‘C:\Program Files\Citrix\ShareFile\Sync\Configuration\PolicyDefinitions’
- Drive Mapper – ‘C:\Program Files\Citrix\ShareFile\DriveMapper\PolicyDefinitions’
Make sure to copy both .admx and .adml files or the GPO processing will fail. The number of times I’ve seen one of those files missing…
If you would like to test it locally you can copy the templates to ‘C:\Windows\PolicyDefinitions’
After templates are imported we can start modyfing settings with Group Policy Editor. Drive Mapper needs only Account setting set in format of mycompany.sharefile.com or .eu
While Sync needs to have Account and Authentication Type set. Account should be configured as above and Authentication Type set to ‘Windows Integrated Authenticaton’
Publishing GPO’s isn’t part of this article but there is plenty of information about that on the web. Once this is done and deployed your users should be able to enjoy seamless logons not only into the ShareFile web but also to the client applications.
Below you’ll find video demonstrating how this all works: