If you're having trouble at any stage please contact us at support@skyformation.com.
Preface
The goal of this guide is to add a new SkyFormation's Citrix Connector to your SkyFormation Platform.
Prerequisites
- Allow access to the entire *.sharefile.com addresses over SSL from the SkyFormation app
Choosing the authentication mode
SkyFormation for Citrix connector supports 3 different type of authentication modes, each with its own Pros and Cons. Please see below the different modes, choose the one you would like to use and follow its specific steps described below.
Authentication mode | ShareFile Admin must be present to onboard connector | Admin user/password | Supported via SkyFormation Open API |
oauth2 | Yes | Not required | No |
oauth2-password-grant | No | Used only once for API token creation and removed (not saved in app) |
Yes |
token | No | Not required | Yes |
Steps for oauth2 authentication method
- Create ShareFile API key Client Id and Client Secret for the connector to use
() Login to https://api.sharefile.com using your ShareFile admin credentials.
() Navigate to "Get an API Key"
() Fill in the following information:
- Application Name: Insert any name (e.g. skyformationApp)
- Description: Insert any description (e.g. Key for SkyFormation connector)
- Redirect URI: https://auth.skyformation.net/v1/oauth
Press "Generate API Key" when done
At the "Your API Keys" table at the bottom allocate the key just created take a note of the following Key's values:
- Client Id
- Client Secret
Steps to complete in your SkyFormation app (by a SkyFormation app admin)
1. Logon to your SkyFormation Platform:
2. Navigate via left navigation panel to "Settings" section
3. Navigate via New Settings left navigation panel to "Accounts" section
4. Click the "Add Account" bottom
5. At the "SELECT SERVICE TO ADD" choose "Citrix ShareFile"
6. Fill in the following information:
- Tenant (only available at the SkyFormation multi-tenant edition)
Assign the new connector to any of the existing tenants in SkyFormation app.
e.g. "default-connector"
- Account Name
Give the ShareFile account a meaningful name for you. This will become your cloud app
connector name displayed in the application and in each event collected from the
ShareFile and sent to external integrated SIEM system.
e.g. "Corporate Citrix ShareFile"
- Description
Add a text that describes the Citrix service account for you.
e.g. "The corp file sharing service"
- Authentication Method
Make sure "oauth2" is chosen (Steps needed to other methods described in this guide)
- Client-Id
Insert the Client-Id saved at the previous steps
- Client-Secret
Insert the Client-Secret saved at the previous steps
7. Authorize the cloud connector to communicate with the G Suite account
(should be done by a G-Suite administrator)
Press the button
This will popup a new window with request to grant the SkyFormation connector access
using the API key created to the ShareFile account. This will allow the SkyFormation
connector to interact with the ShareFile account to retrieve the audit events.
If you are OK with the permissions grant to the SkyFormation connector
Press "Login"
8. Test the settings correctness
Press the "TEST CONNECTION" button
If you see a green OK sign appears as above you have completed the onboard successfully.
9. Press DONE
10. Start the new connector
When a new cloud connector is added its default state is STOPPED.
To start it press its START button.
Steps for oauth2-password-grant
authentication method
IMPORTANT NOTE ABOUT THE ADMIN USER/PASSWORD
The admin user/password inserted in the connector setup are not saved in the app!!!
The user/password are used once by the connector to create the needed API key
and then completely removed.
Prerequisite: When 2-Factor authentication is enforced, an Application specific password needs to be generated - see this Citrix guide - https://support.citrix.com/article/CTX208336#apppw
- Create ShareFile API key Client Id and Client Secret for the connector to use
() Login to https://api.sharefile.com using your ShareFile admin credentials.
() Navigate to "Get an API Key"
() Fill in the following information:
- Application Name: Insert any name (e.g. skyformationApp)
- Description: Insert any description (e.g. Key for SkyFormation connector)
- Redirect URI: https://auth.skyformation.net/v1/oauth
Press "Generate API Key" when done - At the "Your API Keys" table at the bottom allocate the key just created
- Take a note of the following Key's values:
- Client Id
- Client Secret
Steps to complete in your SkyFormation app (by a SkyFormation app admin)
1. Logon to your SkyFormation Platform:
2. Navigate via left navigation panel to "Settings" section
3. Navigate via New Settings left navigation panel to "Accounts" section
4. Click the "Add Account" bottom
5. At the "SELECT SERVICE TO ADD" choose "Citrix ShareFile"
6. Fill in the following information:
- Tenant (only available at the SkyFormation multi-tenant edition)
Assign the new connector to any of the existing tenants in SkyFormation app.
e.g. "default-connector"
- Account Name
Give the ShareFile account a meaningful name for you. This will become your cloud app
connector name displayed in the application and in each event collected from the
ShareFile and sent to external integrated SIEM system.
e.g. "Corporate Citrix ShareFile"
- Description
Add a text that describes the Citrix service account for you.
e.g. "The corp file sharing service"
- Authentication Method
Make sure "oauth2-password-grant" is chosen
(Steps needed to other methods described in this guide)
- Sub-domain
Insert the ShareFile account subdomain name. This is the first part from your ShareFile
account DNS name.
e.g. If your ShareFile account URL is https://mycompany.sharefile.com
the Sub-domain name is mycompany
- Username
The user name of a ShareFile admin
- Password
The password of the ShareFile admin user
7. Test the settings correctness
Press the "TEST CONNECTION" button
If you see a green OK sign appears as above you have completed the onboard successfully.
8. Press DONE
9. Start the new connector
When a new cloud connector is added its default state is STOPPED.
To start it press its START button.
Steps for token authentication method
Please contact support@skyformation.com to get the instructions for using this method.
DONE !
Comments
0 comments
Please sign in to leave a comment.