With the release of server update v188.8.131.52, Foldr can act as a SAML v2 SSO Identity Provider (IdP) or Service Provider (SP)
When Foldr is configured as the IdP, once a user has signed into Foldr, they can automatically sign into other third party platforms web services as Google G Suite or Office 365 from a My Apps dashboard with a single click. If a user isn’t signed into Foldr and they visit the integrated third party web server (Office 365 for example) they would enter their username and be redirected back to Foldr to authenticate via a dedicated SSO sign-in page.
Administrators can enhance the SSO user experience further for domain bound PCs and Macs by enabling Kerberos based SSO on the appliance along with the IdP component. With Kerberos SSO enabled, a domain bound client is automatically signed into Foldr, and is therefore also automatically signed into Office 365 / Google G Suite etc.
Once the IdP role has been enabled and configured, the Foldr administrator can enable each configured service to appear in the new ‘My Apps’ panel in the web interface to provide convenient links to pre-configured services as shown below. If the user clicks the Service Provider icon (i.e. Office 365) they will be signed in automatically to that web based service. Admin templates are also available for commonly used services or other services can be configured from scratch.
Service Providers in the Web Interface
Enabling the Foldr IdP
You can enable the service from within Foldr Settings >> SSO >> Identity Provider
IMPORTANT – The Foldr appliance must be able to authenticate with the directory before attempting to add service providers. Check within Foldr Settings >> General >> Test Settings that users accounts can authenticate and that the service account is configured as below.
To add a Service Provider (SP), firstly ensure you are browsing Foldr Settings via the URL that the service provider will be connecting to (i.e. do not browse using the internal IP address or internal DNS hostname) and click + Add New Service Provider
Single Sign-On IdP Configuration Screen
Select the appropriate SP template as required or select NONE if you wish to configure a different third party SP that is not listed.
Once you have configured your new Service Provider, the administrator can present it to users by using the ‘Show in users’ My Apps‘ toggle within Foldr Settings >> SSO >> Add a Service >> Permissions tab
Instructions for Office 365 & G Suite are available under the Tools tab when you are configuring either service.
Any other third party service that supports SAML (SP) single sign-on can be added to the Foldr IdP and presented to users in the My Apps section of the web interface. Please ask the service provider for the required SAML configuration.