SSO - Centrify

Features and Functionality
Last Updated:
February 21, 2023
by
Jesse Langstaff
| Version: 12
| 2,781 views
| 0 followers
 
members are following updates on this item.
Last Updated:
February 21, 2023
by
Jesse Langstaff
| Version: 12
2,781
0
 
members are following updates on this item.
Authentication

Overview

The following documentation will outline the process of setting up the Igloo SSO App with Centrify. It will also cover configuring a digital workplace to interact with Centrify SSO.

Configure SSO within Centrify

Centrify’s article Configuring Single Sign-On gives a background on Centrify SSO.

1. Navigate to Centrify’s Apps and click Add Web Apps

The Add Web Apps button.

2. Add the Igloo SAML App

Search for Igloo and click the Add button next to the Igloo SAML option.

The Igloo Web App.

Confirm this selection.

The add app confirmation window.

3. Enter your Igloo URL

If your digital workplace is a subdomain of igloocommunities.com, enter its name on the Settings page text box Your Subdomain on Igloo. Save this change.

The subdomain field.

If your digital workplace uses a different URL, change the value of the Service URL located in the Custom Logic section of the SAML Response page.

By default, this value will be:

var ServiceUrl = 'https://' + CorpIdentifier + '.igloocommunities.com/saml.digest';

Change this value to include your digital workplaces URL. Include the saml.digest path.

var ServiceUrl = 'https://mydigitalworkplace.com/saml.digest';

Save your changes.

4. Modify the SAML Response

Navigate to the app’s SAML Response Page. Add the attributes displayed below and then save this change.

The attributes sent in the SAML response.

5. Modify User Access

Navigate to the app’s User Access Page. Add the Roles that represent users and groups that should have access to this application.

The user access page.

6. Modify Account Mapping

Navigate to the app’s User Access Page. Select Directory Service Field and enter mail into the Directory Service field name text box.

The Directory Service field name.

7. Collect information needed for Igloo configuration

Navigate to the app’s Trust Page. Select Manual Configuration and copy the IdP Login URL, IdP Logout URL, and Signing Certificate. These will be needed when configuring SSO within Igloo.

The Trust page.

Configure SSO within Igloo

The remaining steps of this process will take place in your digital workplace.

8. Open the Control Panel

The Control Panel can be found by selecting the cog in the upper right-hand corner of the screen.

9. Select your Sign in Settings

From your Control Panel, select Sign in Settings located underneath the Membership heading.

10. Select configure SAML Authentication

At the bottom of the Sign in Settings options, there is a link Configure SAML Authentication, select it.

11. General configuration

  • Connection Name: This value will appear on the SAML button.
  • IdP Login URL: Copy the URL associated with the IdP Login URL found in step 7.
  • IdP Logout URL: Copy the URL associated with the IdP Logout URL found in step 7.
  • Logout Response and Request HTTP Type: Select Post.
  • Logout Final Redirect URL: Navigate users to this URL when they logout.
  • Binding Type: Select Post.
  • Public Certificate: Copy the contents of the Signing Certificate file found in step 7.

12. Response and Authentication Configuration

  • Identity Provider: Select Centrify.
  • Identifier Type: Select Email Address.
  • Email Attribute: Enter the attribute name that was assigned to the Attribute Value LoginUser.FirstName. Step 6 set this value to FName.
  • First Name Attribute: Enter the attribute name that was assigned to the Attribute Value LoginUser.LastName. Step 6 set this value to LName.
  • Last Name Attribute: Enter the attribute name that was assigned to the Attribute Value LoginUser.Email. Step 6 set this value to Email.
  • Drift Time (In Seconds): Leave at its default value. This number can be increased if the authentication process is timing out.

13. User creation on Sign in

Select how your digital workplace handles users who attempt to sign in to your digital workplace when they have valid credentials but are not members of the workplace. 

If your digital workplace uses the ILST to manage members, select Do not create new users when they sign in to avoid the creation of duplicate user accounts.

14. Sign in Settings

Select Redirect all users to IdP if you would like users to be automatically redirected to your IdP’s login page when they navigate to your digital workplace without being signed in. Use SAML button on “Sign in” screen to use the Igloo Authentication page with an added button to navigate to your IdP’s sign in page.

15. Save your Igloo SAML settings and test logging in with them

Click Save to apply these settings.

Related Content (2)

  • Managing the authentication method of a workplace using the EAP
    /support/knowledgebase/all_articles/articles/create_configuring_a_networked_enterprises_authentication_method
    Wiki
    published
    February 19, 2019
    by
    Jesse Langstaff
    Use the Enterprise Administration Panel (EAP) to select how users sign in to their digital workplace. While you can also configure the authentication method from EAP, it is recommended that you go to …
  • Authentication
    /support/knowledgebase/all_articles/articles/authentication
    Wiki
    published
    September 4, 2017
    by
    Matthew Seabrook
    What is it?Authentication is the process whereby users login to their digital workplace. Our platform offers three methods of authentication: Igloo Auth, SAML and LDAP Auth. LDAP and SSO authenticat…
Viewed 2,781 times