Users logging in with company credentials – commonly referred to as SAML or Single Sign-On – will now have an updated first-time login experience based on the account and user configuration.
If the account or user falls into one of the following 3 configurations, the user(s) will be auto confirmed on creation. This means that instead of going through a user activation flow during their first time logging in to ShareFile, they will be taken directly into the application.
1. If Require SSO Login is set to ‘yes’ within the Single sign-on / SAML 2.0 Configuration section under Admin Settings > Security > Login & Security Policy Page then users that do not have any admin permissions will go directly into the application upon first login and skip the user activation flow. Anyone with an Admin permission within ShareFile will still need to go through the traditional user activation flow.
2. If the following two items are ‘true’ then the end user will go directly into the application and skip the user activation flow:
- Enable SAML is set to yes and the administrator on the account and successfully configured a SAML Identity Provider
- The end user is an employee user and does not have permission to ‘Change his/her password’
3. If the admin has called into ShareFile support and enabled their login page to redirect to their SAML login page, then all users will go directly into the application upon first time logging in and will skip the user activation flow.
- Note, when this is configured, all users will be taken directly to the accounts SAML login page instead of the ShareFile split screen login page – this includes admins and client users which means everyone must be in your Active Directory if you want them to login. Please speak with a ShareFile representative to discuss any draw backs of enabling this login page on your account.
What does this mean for my end user?
This means that if a user falls into any of the above three configurations, either based on the account configuration or how you configured the user’s permissions, then upon first time logging into ShareFile they will skip the user activation flow, as depicted via the screenshots below, and will instead be taken directly into ShareFile.
In the case where the employee is auto confirmed, then they also will not receive a welcome email if created directly via the API or User Management Tool. It is expected that the administrator either sends their own welcome email, or does a bulk welcome email resend from within the ShareFile Web Application. If the user was created from within the ShareFile Web Application, you can still choose to send a welcome email, though the activation link in the email will take the user directly to “https://[subdomain].sharefile.com”, and they will be able to log in with their Active Directory credentials immediately.