Articles in this section

See more

Adding Citrix ShareFile connector to the SkyFormation platform

Avatar
Nadav Lavy (Greenberg)
  • Updated
Follow

If you're having trouble at any stage please contact us at support@skyformation.com

Preface

The goal of this guide is to add a new SkyFormation's Citrix Connector to your SkyFormation Platform.

Prerequisites

  1. Allow access to the entire *.sharefile.com addresses over SSL from the SkyFormation app

Choosing the authentication mode

SkyFormation for Citrix connector supports 3 different type of authentication modes, each with its own Pros and Cons. Please see below the different modes, choose the one you would like to use and follow its specific steps described below.

Authentication mode ShareFile Admin must be present to onboard connector Admin user/password Supported via
SkyFormation Open API
oauth2 Yes Not required No
oauth2-password-grant No Used only once for API token creation and removed
(not saved in app)		 Yes
token No Not required Yes


Steps for oauth2 authentication method 

  1. Create ShareFile API key Client Id and Client Secret for the connector to use

    () Login to https://api.sharefile.com using your ShareFile admin credentials.
    () Navigate to "Get an API Key"

        

    () Fill in the following information:
        - Application Name: Insert any name (e.g. skyformationApp)
        - Description: Insert any description (e.g. Key for SkyFormation connector)
        - Redirect URI: https://auth.skyformation.net/v1/oauth 


   

Press "Generate API Key" when done

At the "Your API Keys" table at the bottom allocate the key just created take a note of the following Key's values:
- Client Id
- Client Secret

Steps to complete in your SkyFormation app (by a SkyFormation app admin)

1. Logon to your SkyFormation Platform:

2. Navigate via left navigation panel to "Settings" section

3. Navigate via New Settings left navigation panel to "Accounts" section

4. Click the "Add Account" bottom

5. At the "SELECT SERVICE TO ADD" choose "Citrix ShareFile" 

6. Fill in the following information:

   - Tenant (only available at the SkyFormation multi-tenant edition)
      Assign the new connector to any of the existing tenants in SkyFormation app.

      e.g. "default-connector"

   - Account Name
      Give the ShareFile account a meaningful name for you. This will become your cloud app
      connector name displayed in the application and in each event collected from the
      ShareFile and sent to external integrated SIEM system.

      e.g. "Corporate Citrix ShareFile"     

    - Description
      Add a text that describes the Citrix service account for you.

      e.g. "The corp file sharing service"

    -  Authentication Method
       Make sure "oauth2" is chosen (Steps needed to other methods described in this guide)

  -    Client-Id
       Insert the Client-Id saved at the previous steps

  -    Client-Secret
       Insert the Client-Secret saved at the previous steps

7. Authorize the cloud connector to communicate with the G Suite account
    (should be done by a G-Suite administrator)

         Press the button 

    

        This will popup a new window with request to grant the SkyFormation connector access
        using the API key created to the ShareFile account. This will allow the SkyFormation
        connector to interact with the ShareFile account to retrieve the audit events. 

        If you are OK with the permissions grant to the SkyFormation connector
        Press "Login"

 

8. Test the settings correctness 

    Press the "TEST CONNECTION" button

     test_connection_success.png 

    If you see a green OK sign appears as above you have completed the onboard successfully.

 

9. Press DONE   

 

10. Start the new connector

     When a new cloud connector is added its default state is STOPPED.

    To start it press its START button. 

Steps for oauth2-password-grant
         authentication method

           IMPORTANT NOTE ABOUT THE ADMIN USER/PASSWORD
           The admin user/password inserted in the connector setup are not saved in the app!!! 
           The user/password are used once by the connector to create the needed API key
           and then completely removed.

Prerequisite: When 2-Factor authentication is enforced, an Application specific password needs to be generated - see this Citrix guide - https://support.citrix.com/article/CTX208336#apppw

  1. Create ShareFile API key Client Id and Client Secret for the connector to use

    () Login to https://api.sharefile.com using your ShareFile admin credentials.
    () Navigate to "Get an API Key"
    () Fill in the following information:
        - Application Name: Insert any name (e.g. skyformationApp)
        - Description: Insert any description (e.g. Key for SkyFormation connector)
        - Redirect URI: https://auth.skyformation.net/v1/oauth 
        
        Press "Generate API Key" when done

  2. At the "Your API Keys" table at the bottom allocate the key just created
  3. Take a note of the following Key's values:
    - Client Id
    - Client Secret

Steps to complete in your SkyFormation app (by a SkyFormation app admin)

1. Logon to your SkyFormation Platform:

2. Navigate via left navigation panel to "Settings" section

3. Navigate via New Settings left navigation panel to "Accounts" section

4. Click the "Add Account" bottom

5. At the "SELECT SERVICE TO ADD" choose "Citrix ShareFile" 

6. Fill in the following information:

   - Tenant (only available at the SkyFormation multi-tenant edition)
      Assign the new connector to any of the existing tenants in SkyFormation app.

      e.g. "default-connector"

   - Account Name
      Give the ShareFile account a meaningful name for you. This will become your cloud app
      connector name displayed in the application and in each event collected from the
      ShareFile and sent to external integrated SIEM system.

      e.g. "Corporate Citrix ShareFile"     

    - Description
      Add a text that describes the Citrix service account for you.

      e.g. "The corp file sharing service"

    -  Authentication Method
       Make sure "oauth2-password-grant" is chosen
       (Steps needed to other methods described in this guide)

    -  Sub-domain
       Insert the ShareFile account subdomain name. This is the first part from your ShareFile
       account DNS name.

       e.g. If your ShareFile account URL is https://mycompany.sharefile.com
              the Sub-domain name is mycompany 

  -    Username
       The user name of a ShareFile admin

  -    Password
       The password of the ShareFile admin user
 

 

7. Test the settings correctness 

    Press the "TEST CONNECTION" button

     test_connection_success.png 

    If you see a green OK sign appears as above you have completed the onboard successfully.

 

8. Press DONE    

9. Start the new connector

     When a new cloud connector is added its default state is STOPPED.

    g_suite_added_and_stopped_status.png

    To start it press its START button. 

g_suite_added_and_running_status.png
    

Steps for token authentication method 

Please contact support@skyformation.com to get the instructions for using this method. 

   

DONE ! 

Related articles

Comments

0 comments

Please sign in to leave a comment.