Active Directory and SSO

How do you log in to both cloud solutions and on-premise applications?
Do you still have an on-premises Active Directory?
Do you also synchronize your on-premises Active Directory with single sign-on cloud solutions?

Active Directory - The identity system behind on-premise applications.

The identity system is one of the foundations of modern applications. On the on-premises network, Microsoft Active Directory is the de facto identity system that controls who can access Windows workstations and who can access which files and folders, as well as on-premises applications. When Triofox extends file service access to remote devices, Active Directory continues to be the identity system that controls file access.

Single Sign-on (SSO) - Extending Active Directory to cloud applications

As many applications migrate to the cloud, there are also many cloud-based identity systems that help solve the single sign-on problem. Most cloud-based single sign-on solutions start by installing a synchronization agent on the Active Directory domain server and synchronize Active Directory identities with the cloud. Azure Active Directory Connect, for example, is one way to synchronize Active Directory with Azure. Many other cloud-based identity systems work the same way. OneLogin, Okta, JumpCloud all have their own sync agent that supports migrating identities to the cloud. SAML is the common integration language that connects the identity system and the cloud-based application. Triofox has integration with Azure AD and SAML-based single sign-on solutions.

Method #1 - Local LDAPS Connection

If the Triofox server and Active Directory domain controllers are on the same local network, a direct LDAP/LDAPS connection is recommended for Active Directory integration. With Active Directory integration, users can continue to use their existing Active Directory identity to log in and use Triofox Drive applications from web browser file manager, Windows agent, macOS agent to mobile applications.

Method #2 - Azure AD Connection

If the organization already has a hybrid Azure AD /local Active Directory environment in place, the Azure AD connection is available to leverage Azure-based identity services for logging in and using the Triofox Drive application.

Method #3 - Generic SAML Single Sign-On

Organizations can choose their preferred identity service. For example, the most popular identity services besides Azure AD include OneLogin, Okta, Duo, and JumpCloud. All of these identity services offer a generic SAML-based single sign-on integration method. In this case, Triofox Drive is set up as a SAML consumer to connect to the SAML producer interface provided by identity service providers.

check out the incredible

Triofox Solution

Gladinet's Triofox solution makes the cloud file access solution interoperable with existing file server network shares and provides offline folder capabilities. It has integration with Active Directory, cloud drive mapping, global file locking and NTFS permission control. These native integrations make the file sharing solution an extension of the current file server rather than another data silo that takes away data.

Mapped Drive

A mapped drive over the HTTPS channel to the corporate file server is an important feature. Employees are familiar with a mapped drive and no additional training is required.

Active Directory

Enterprise users already have enterprise identities in Active Directory and the associated Active Directory federated service and SAML single sign-on. They do not need additional credentials to access a file sharing solution.

File Locking

Most file sharing solutions provide manual file locking in the form of "check in" and "check out". Triofox provides automatic file locking by detecting requests to open files. When Microsoft Word opens a file, file locking is automatically initiated and automatically terminated when file processing is complete.

File Permissions

Finally, integration with Active Directory and NTFS permissions makes it easier for system administrators to set up permission control. The permissions features set Gladinet's solution apart from the competition.

Do you want to add these features to the VPN?

Offline Editing

A traditional VPN requires a stable and active connection to the corporate firewall to function. A disruption of the Internet or an interrupted connection to the firewall interrupts employees' work with unsaved files. With offline editing, remote workers can save and edit documents without an active connection and save the files asynchronously to a corporate file server once the connection is restored.

Always On

A firewall provider typically offers VPN without an always-on feature. Always-on VPN requires more infrastructure components, such as an identity server, an authentication server, a compatible client OS, etc. However, most modern cloud applications are always-on, allow offline access to files and folders, and allow files to be stored on a local device before being synchronized with the online servers.

High Performance

Accessing file servers is hardly high performance, because when a VPN allows it, file access communicates via the SMB/CIFS protocol. First of all, the SMB protocol is not a data streaming protocol with many requests and responses. If we can switch to HTTP streaming for file transfer, performance will improve. Second, HTTP-based file transfer traffic can take advantage of a global content delivery network, so HTTP is faster for cross-continent transfer.

提高移动员工的远程工作效率!