Typically an admin will want to lock in ShareFile sharing settings for all their employees, specifically for those using the ShareFile Outlook Plug-in (OLP). Luckily, with the OLP you can do this, though historically you had to contact ShareFile’s support staff. However, not too long ago, ShareFile updated their ‘Admin’ section within the ShareFile Web Application to allow admins to configure their OLP without needing to contact support. To configure your OLP settings follow these simple steps:
Log into your ShareFile account as an admin with the permission to ‘Modify account-wide policies’
Navigate to the following pages:
Click ‘Configure Outlook Plug-in’
From this modal you can configure important security settings such as whether or not recipients of files/emails sent through the OLP must log into ShareFile before consuming the share, how long the link is live for, how many downloads of the file before the share link will expire and even customize what the OLP banner looks like.
To make changes, select a specific tab on the left, find the section you wish to customize and make your change. Note, ‘Set as default’ is only the default for that option and the end-user can change the setting as they see fit within the OLP Options page from within Outlook. While on the other hand, ‘Prevent user changes’ will lock in the settings and prevent a user from changing them within the OLP Options page.
It has come to my attention that many people do not know you can send a file using the ShareFile Outlook Plug-in but instead of starting in Outlook, you can simply right click the file from your desktop or from windows explorer.
To do this follow these simple steps:
Locate the file you want to send
Right click the file and select “Send to” followed by “Mail Recipient with ShareFile”
A new email message auto loads with the file attached using the ShareFile Outlook Plug-in
Finish the email (add who to send the file today, subject, body, etc.)
You can disable the ability for your employees to configure ShareFile Sync (for Windows and Mac) if they do not have a specific registry/.plist key on their device. Below is how you would accomplish this.
In your ShareFile account navigate to Admin -> Power Tools -> Sync
Change the drop down from “Enabled” to “Disabled.” You will now have the option to generate a key which will be used within the devices registry or .plist.
Windows: for more information visit the ShareFile Knowledge Base article
On the user’s device go to HKEY_CURRENT_USERSoftwarePoliciesCitrixShareFileEnterpriseSync and add the following registry key:
Key Type: REG_SZ
Set the value to the custom key generated within the Web UI
On the user’s device go to the following .plist, com.citrix.ShareFileFL.SFSyncEngine.plist
Set the value of the String to the custom key generated within the Web UI
Once you have both ADFS 2.0 and ShareFile StorageZone Controller installed on separate servers, your StorageZone Controller data is already content switched (how to set this up), then content switching your ADFS traffic on the same content switching vServer is quite simple.
First, create traditional Load Balancing rules for your ADFS 2.0 server within your Citrix NetScaler. Create the service, server and vServer. Note, in the screenshots below you will notice that I created my vServer as a non “Directly Addressable” vServer (thus 0 IP).
From here, configure a content switching policy for ADFS. The easiest way of doing this is to add a new policy by using your existing ShareFile Data content switching policy as a template.
When you create your ADFS content policy you will want to edit the second half of the expression. Remove || HTTP.REQ.URL.CONTAINS(“/sp”) and replace (HTTP.REQ.URL.CONTAINS(“/cifs/”) with (HTTP.REQ.URL.CTAINS(“/adfs/”). In the end your ADFS content switching policy will look similar to the following screenshot below.
Finally, add the new policy to your existing ShareFile content switching vServer. Make sure that the ADFS content switching policy is at the top of the priority list.