SSO - Centrify
The following documentation will outline the process of setting up the Igloo SSO App with Centrify. It will also cover configuring an Igloo digital workplace to interact with Centrify SSO.
Configure SSO within Centrify
Centrify’s article Configuring Single Sign-On gives a background on Centrify SSO.
1. Navigate to Centrify’s Apps and click Add Web Apps
2. Add the Igloo SAML App
Search for Igloo and click the Add button next to the Igloo SAML option.
Confirm this selection.
3. Enter your Igloo URL
If your digital workplace is a subdomain of igloocommunities.com, enter its name on the Settings page text box Your Subdomain on Igloo. Save this change.
If your digital workplace uses a different URL, change the value of the Service URL located in the Custom Logic section of the SAML Response page.
By default, this value will be:
var ServiceUrl = 'https://' + CorpIdentifier + '.igloocommunities.com/saml.digest';
Change this value to include your digital workplaces URL. Include the saml.digest path.
var ServiceUrl = 'https://mydigitalworkplace.com/saml.digest';
Save your changes.
4. Modify the SAML Response
Navigate to the app’s SAML Response Page. Add the attributes displayed below and then save this change.
5. Modify User Access
Navigate to the app’s User Access Page. Add the Roles that represent users and groups that should have access to this application.
6. Modify Account Mapping
Navigate to the app’s User Access Page. Select Directory Service Field and enter mail into the Directory Service field name text box.
7. Collect information needed for Igloo configuration
Navigate to the app’s Trust Page. Select Manual Configuration and copy the IdP Login URL, IdP Logout URL, and Signing Certificate. These will be needed when configuring SSO within Igloo.
Configure SSO within Igloo
The remaining steps of this process will take place in your Igloo community.
8. Open the Control Panel
The Control Panel can be found by selecting the cog in the upper right-hand corner of the screen.
9. Select your Sign in Settings
From your Control Panel, select Sign in Settings located underneath the Membership heading.
10. Select configure SAML Authentication
At the bottom of the Sign in Settings options there is a link Configure SAML Authentication, select it.
11. General configuration
- Connection Name: This value will appear on the SAML button.
- IdP Login URL: Copy the URL associated with the IdP Login URL found in step 7.
- IdP Logout URL: Copy the URL associated with the IdP Logout URL found in step 7.
- Logout Response and Request HTTP Type: Select Post.
- Logout Final Redirect URL: Navigate users to this URL when they logout.
- Binding Type: Select Post.
- Public Certificate: Copy the contents of the Signing Certificate file found in step 7.
12. Response and Authentication Configuration
- Identity Provider: Select Centrify.
- Identifier Type: Select Email Address.
- Email Attribute: Enter the attribute name that was assigned to the Attribute Value LoginUser.FirstName. Step 6 set this value to FName.
- First Name Attribute: Enter the attribute name that was assigned to the Attribute Value LoginUser.LastName. Step 6 set this value to LName.
- Last Name Attribute: Enter the attribute name that was assigned to the Attribute Value LoginUser.Email. Step 6 set this value to Email.
- Drift Time (In Seconds): Leave at its default value. This number can be increased if the authentication process is timing out.
13. User creation on Sign in
For most use cases it is recommended that the option Do not create new users when they sign in (Users not in manage members will be denied access) is selected. This results in your SSO being used for only Authentication, and it will not attempt to provision new users.
14. Sign in Settings
Select Redirect all users to IdP if you would like users to be automatically redirected to your IdP’s login page when they navigate to your digital workplace without being signed in. Use SAML button on “Sign in” screen to use the Igloo Authentication page with an added button to navigate to your IdP’s sign in page.
15. Save your Igloo SAML settings and test logging in with them
Click Save to apply these settings.