Centrify Integration

Caveat: the following directions were based on the Centrify UI at the time of writing. The UI may have changed by the time you read this, and Centrify UI updates are beyond the scope of this article. Please go to Centrify for their latest information on web applications and other integrations.

The Centrify Application

Centrify provides an identity provider service with its own user and role management.

These external users can be integrated with Synthetic Monitoring, allowing Single Sign-On to be used as a login method.

Integration Requirements

Centrify Management Access

  • To complete the integration, you need access to the Centrify Management Console to set up Synthetic Monitoring as a service provider and to add roles and users.

  • You must log in with a Centrify user with a System Administrator role.

Synthetic Monitoring as Centrify Application

  • The integration requires you to set up Synthetic Monitoring as a Centrify custom application.


Centrify SSO Overview & Setup

Preparation

The integration setup consists of multiple steps. Configuration consists of two major parts:

A. Configuring the Centrify Application.

B. Configuring Apica Synthetic Monitoring for Single Sign-On.

To perform the integration, you must copy information to and from Synthetic Monitoring.

Since you will be going back and forth, opening both applications before starting is a good idea.

Centrify

Synthetic Monitoring

  • Open Synthetic Monitoring

  • Open Centrify SSO Centrify

  • Turn on the Centrify SSO Enable setting

  • Leave the window open

A. Configure the Centrify Application for SAML

Step 1: Configure SAML in Centrify

  • Add the SAML Web Application in Centrify

  • Add Synthetic Monitoring to Centrify as a custom web application.

  • Click Apps in the menu

  • Click Add Web Apps

  • Click Custom

  • Find SAML in the list

  • Click Add

Step 2: Configure ASM in Centrify

  • Add the Centrify SSO Service Provider information from your ASM

  • Add Synthetic Monitoring to Centrify as a custom web application.

Application Settings

Before Synthetic Monitoring can be used with Centrify, it must be configured.

Configure

  • Click the application in the list to edit it

Settings from Synthetic Monitoring

The application settings are taken from Synthetic Monitoring. You can find your values in the Centrify SSO Service Provider section of the Single Sign-On account settings.

| Option | Use ASM value |
| --- | --- |
| Assertion Consumer Service URL | Assertation Consumer Service URL |
| Issuer | Issuer |

Note: The URLs should be HTTPS URLs.

Values for Synthetic Monitoring

Certain values need to be copied from Centrify and pasted into the Centrify SSO Identity Provider section of the Single Sign-On account settings.

| Value | Apply to |
| --- | --- |
| Identity Provider SAML Meta data URL | SAML Metadata URL |

  • Click Save

Script

Add a script to generate the SAML assertion for the application.

1. Add Script

2. Click Advanced

3. Delete all the contents of the Script field

4. Copy the following script

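// Issuer and subject of the assertion
setIssuer(Issuer);
setSubjectName(UserIdentifier);
// Audience restriction for the assertion
setAudience('https://synthetic.apicasystem.com/AuthServices');
// Recipient and HTTP destination both use the service URL
setRecipient(ServiceUrl);
setHttpDestination(ServiceUrl);
// Sign the response
setSignatureType('Response');
// Attributes sent with the assertion
setAttribute('Username', LoginUser.Username);
setAttribute('Fullname', LoginUser.DisplayName);
setAttribute('Email', LoginUser.Email);
setAttributeArray('Roles', LoginUser.RoleNames);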

5. Paste the script into the script field

6. Click Save
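To confirm that the saved script produces what Synthetic Monitoring expects, a decoded SAML response from a test login can be checked field by field. The following Python check is an added example, not Apica or Centrify code; the host names, the `check_response` helper and the sample response are constructed, and it inspects structure only without verifying the signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
AUDIENCE = "https://synthetic.apicasystem.com/AuthServices"  # URL from the script
EXPECTED_ATTRS = {"Username", "Fullname", "Email", "Roles"}   # names from the script

def check_response(xml_text, acs_url, issuer):
    """List mismatches between a decoded SAML response and the script's settings.
    Structural check only: it does not verify the XML signature."""
    if "<!DOCTYPE" in xml_text:  # SAML messages carry no DTD; refuse entity tricks
        return ["DOCTYPE present, response not parsed"]
    root = ET.fromstring(xml_text)
    scd = root.find(".//a:SubjectConfirmationData", NS)
    names = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    checks = [
        (acs_url.startswith("https://"), "ACS URL is not HTTPS"),
        (root.get("Destination") == acs_url, "Destination differs from ACS URL"),
        (scd is not None and scd.get("Recipient") == acs_url,
         "Recipient differs from ACS URL"),
        (root.findtext(".//a:Assertion/a:Issuer", namespaces=NS) == issuer,
         "Issuer mismatch"),
        (root.findtext(".//a:Audience", namespaces=NS) == AUDIENCE, "Audience mismatch"),
        (bool(root.findtext(".//a:Subject/a:NameID", namespaces=NS)), "empty NameID"),
        (root.find("ds:Signature", NS) is not None, "Response element is not signed"),
    ]
    problems = [msg for ok, msg in checks if not ok]
    missing = EXPECTED_ATTRS - names
    if missing:
        problems.append("missing attributes: " + ", ".join(sorted(missing)))
    return problems

# Constructed sample: placeholder hosts and an empty stand-in for the signature.
ACS, ISSUER = "https://sp.example.test/acs", "https://idp.example.test/issuer"
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
    xmlns:ds="{NS['ds']}" Destination="{ACS}"><ds:Signature/>
  <a:Assertion><a:Issuer>{ISSUER}</a:Issuer>
    <a:Subject><a:NameID>jdoe</a:NameID><a:SubjectConfirmation>
      <a:SubjectConfirmationData Recipient="{ACS}"/></a:SubjectConfirmation></a:Subject>
    <a:Conditions><a:AudienceRestriction><a:Audience>{AUDIENCE}</a:Audience>
      </a:AudienceRestriction></a:Conditions>
    <a:AttributeStatement><a:Attribute Name="Username"/><a:Attribute Name="Fullname"/>
      <a:Attribute Name="Email"/><a:Attribute Name="Roles"/></a:AttributeStatement>
  </a:Assertion></p:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, ACS, ISSUER))  # constructed sample passes every check
```

Pass the Assertion Consumer Service URL and Issuer exactly as they appear in the Synthetic Monitoring Single Sign-On settings; any string in the returned list points at the setting or script line to revisit.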

Description

Add a description to distinguish the application in the interface.

1. Add Description

2. Click Description

| Item | Description |
| --- | --- |
| Application Name | Display name. |
| Application Description | Description |
| Category | Sorting category for the app selector. |
| Logo | Display logo. |

3. Enter information as needed.

4. Click Save


Configuring ASM for SAML and Centrify

The configuration of Synthetic Monitoring for Centrify (https://www.centrify.com/) follows the general process.

To access the SSO settings in ASM, click the button in the top right corner of the User view.

The SSO view contains all settings needed to connect a user account with a SAML provider account.


Configuration

1. Enable

The Enabled section contains a setting for enabling or disabling Single Sign-On for the account and applies to the current account only.

2. Identity Provider

The Identity Provider section contains settings for connection to the SAML provider.

2.a. Use SAML Metadata URL

If the SAML provider has a SAML metadata URL, you can use that. The needed login URL and certificate will be extracted automatically.

| Item | Description |
| --- | --- |
| Default Regional Setting | Standard timezone to use for accounts in the customer. |
| Default Time Zone | Standard timezone to use for accounts in the customer. |

2.b. Specify Settings

For other SAML providers, you may need to specify settings manually.

| Item | Description | Comment |
| --- | --- | --- |
| Sign-Up URL | Provider Login URL. | Can be found in the provider's settings. |
| Signing Certificate | Certificate for sign-in. | Can be downloaded from the provider app settings. |
