Integrate Egnyte with Zero Trust Network Access

In this topic, you will find general instructions on how to integrate Egnyte with Portnox™ Zero Trust Network Access using the conditional access method.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with Egnyte.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Zero Trust Resources option.

  3. On the Resources screen, click on the Create resource button.

    1. In the What type of resource is this? section, select the SSO web resource option.
    2. In the Authentication protocol section, select the SAML option.
    3. Click on the Next button.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this resource section.
  5. In the Resource details section, enter a Resource name and optionally a Description.

    In this example, we used the name Egnyte for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Configure your Egnyte single sign-on settings

In this section, you will access your Egnyte configuration and find the single sign-on (SSO) settings.

  1. In another tab of your browser, log in to your Egnyte tenant by accessing the following URL: https://your_tenant.egnyte.com/, where your_tenant is the name of your Egnyte tenant. Then, log in with an account that has administrative privileges in Egnyte.

    From now on, we will call this tab the Egnyte tab.

  2. In your Egnyte dashboard, click on the Settings option in the left-hand side menu, then expand the Configuration option from the second menu, and then click on the Security & Authentication option.

  3. In the Security & Authentication pane, scroll down to the Single Sign-on Authentication section and select the SAML 2.0 value in the Single sign-on authentication field.

  4. In the Identity provider field, select the AzureAD option.

    Note: We tested other Egnyte SSO identity provider configurations, and this is the only setting that correctly supports the SAML 2.0 workflow with Portnox Cloud. This setting works for all identity providers in Portnox Cloud, including Entra ID and Google Workspace.

Export metadata from the Portnox tab and upload it in the Egnyte tab

In this section, you will export the metadata from Portnox Cloud into a file and import that file with Egnyte.

  1. In the Portnox tab, in the SAML metadata section, click on the Download metadata XML file link to download the XML file and save it to your local drive.

  2. In the Egnyte tab, click on the import metadata XML link in the IDENTITY PROVIDER CONFIGURATION section, and then upload the XML file downloaded from Portnox Cloud.

    The Identity provider login URL, Identity provider entity ID, and Identity provider certificate fields should now include the values exported from Portnox Cloud.

Enter configuration values on the Portnox tab

In this section, you will enter relevant configuration values in Portnox Cloud.

  1. In the Portnox tab, in the Resource properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and enter the following value: https://your_tenant.egnyte.com, where your_tenant is the name of your Egnyte tenant.

  2. In the Portnox tab, in the Resource properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and enter the following value: https://your_tenant.egnyte.com/samlconsumer, where your_tenant is the name of your Egnyte tenant.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and Egnyte.

  1. Finalize the configuration in the Portnox tab.
    1. Optional: In the Policy enforcement section, in the Device risk assessment section, change the setting to Override with custom policy and then select a risk assessment policy if you want to assess risk with this application using a custom risk assessment policy, and in the Access control section, change the setting to Override with custom policy and then select an access control policy if you want to control access to this application using a custom access control policy.
    2. Scroll all the way down to the end of the page, and then click on the Save and Close button.

  2. Finalize the configuration in the Egnyte tab.
    1. In the Default user mapping field, select the Email address value.

    2. Activate the Use domain-specific Issuer value switch.

    3. Click on the Save changes button.

    4. In the left-hand side Settings menu, expand the Users & Groups option, and then click on the Users option.

    5. For each user that you want to use Zero Trust Network Access, hover over the user entry in the table, and then click on the Details button

    6. In the user details pane, in the Profile tab, change the Authentication field value to SSO, and then click on the Save button.

      Important: Only Power User and Administrator accounts (including service accounts) have access to SSO, standard users do not. We recommend that you create at least one administrative user or service account with regular password login, in case of any problems with SSO sign-in.

Result: You have configured Egnyte to be accessible using Portnox Zero Trust Network Access.