Configuring certificate-based authentication for FilePass

To enable certificate-based authentication (CBA) on FilePass, configure the following KVPs on Core:

Key

Description

filepass_key_identifier

The value for this is a string used to derive Cipher keys which is used to encrypt and decrypt files (using AC SDK) through FilePass app.

Value:

Enter a unique and complex alphanumeric string in the value field.

The value for this key-value pair needs to be same for the all the supported apps(Docs@Work, Email+, and FilePass) participating in file sharing.

If Filepass_key_identifier does not have same values across FilePass app and Docs@Work then:
- Importing files from Office apps to Docs@Work will fail.
- Sharing files from Docs@Work to Microsoft Office apps using FilePass will fail.

username

The value for this key-value pair is used to login and enroll to Microsoft Azure portal.

Value:

$EMAIL$ is recommended for Core

Enter a user identifying user name variable for enrolling to Microsoft Azure Portal.

IdCertificate_<number>

Name of the certificate enrollment that corresponds to the user certificate.

IdCertificate_<number>_host

URL for the ADFS to which the certificate will be presented. Example: myhost.mycompany.com

For more information on configuring KVPs, see Configuring certificate-based authentication for FilePass and Main steps for configuring FilePass for iOS (Cloud) sections.

For CBA, FilePass app on the device connects to FilePass Auth Azure application which requires admin approval. User is prompted to request approval for FilePass Auth Azure application, if not already granted by the admin. Admin can grant tenant-wide permission to FilePass Auth Azure application by one of the following ways:

  • Admin consent: This allows the admins to securely grant access to the applications that need admin approval. Login to FilePass using admin account and provide consent by clicking Accept (recommended). For more information see, Enable admin consent workflow.
  • Approval request: The users can request admin approval for an application that they are unauthorized to consent. The admin logs in Azure portal and approves the requests from the users. For more information on how to get admin consent through user request, see User request admin consent.
  • URL based approval: The admin directly granting permission FilePass Auth Azure application using the URL. All users will be able to use the application without additional approvals. URL similar to the following is displayed:

https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=e8174e3d-c579-4575-bf20-afe069315bdf

For more information on how to grant tenant-wide admin consent to an application, see Grant admin consent.