Centrify Integration

Caveat: the following directions were based on a Centrify UI when it was written. The UI may change by the time you read this and so Centrify UI updates are beyond the scope of this article. Please go to Centrify for their latest information on web applications and other integrations.

The Centrify Application

Centrify provides an identity provider service that has its users and roles management.

These external users can be integrated with Synthetic Monitoring, allowing Log in Single Sign-On as a login method.

Integration Requirements

Centrify Management Access

• To complete the integration, you need access to the Centrify Management Console, set up Synthetic Monitoring as a service provider, and add roles and users.

• You must log in with a Centrify user with a System Administrator role.

Synthetic Monitoring as Centrify Application

• The integration requires you to set up Synthetic Monitoring as a Centrify custom application.

Centrify SSO Overview & Setup

Preparation

The integration setup consists of multiple steps. Configuration consists of two major parts:

A. Configuring the Centrify Application.

B. Configuring Apica Synthetic Monitoring for Single Sign on.

To perform the integration, you must copy information to and from Synthetic Monitoring.

Since you will be going back and forth, opening both applications before starting is a good idea.

→ Centrify ←

• Go to Centrify management (for example, https://xyz0999.my.centrify.com/manage\)

• Log in with a Centrify System Administrator role user

• Leave the window open

→ Synthetic Monitoring ←

• Open Synthetic Monitoring

• Open Centrify SSO Centrify

• Turn on the Centrify SSO Enable setting

• Leave the window open

A. Configure the Centrify Application for SAML

Step 1: Configure SAML in Centrify

• Add the SAML Web Application in Centrify

• Add Synthetic Monitoring to Centrify as a custom web application.

• Click Apps in the menu

• Click Add Web Apps

• Click Custom

• Find SAML in the list

• Click Add

Step 2: Configure ASM in Centrify

• Add the Centrify SSO Service Provider information from your ASM

• Add Synthetic Monitoring to Centrify as a custom web application.

Application Settings

Before Synthetic Monitoring can be used with Centrify, it must be configured.

Configure

• Click the application in the list to edit it

Settings from Synthetic Monitoring

The application settings are taken from Synthetic Monitoring. You can find your values in the Centrify SSO Service Provider section of the Single Sign-On account settings.

Note: The URLs should be HTTPS URLs.

Values for Synthetic Monitoring

Certain values need to be copied from Centrify and pasted into the Centrify SSO Identity Provider section of the Single Sign-On account settings.

• Click Save

Script

Add a script to generate the SAML assertion for the application.

1. Add Script

2. Click Advanced

3. Delete all the contents of the Script field

4. Copy the following script

setIssuer(Issuer);
setSubjectName(UserIdentifier);
setAudience('<https://synthetic.apicasystem.com/AuthServices>');
setRecipient(ServiceUrl);
setHttpDestination(ServiceUrl);
setSignatureType('Response');
setAttribute('Username', LoginUser.Username);
setAttribute('Fullname', LoginUser.DisplayName);
setAttribute('Email', LoginUser.Email);
setAttributeArray('Roles', LoginUser.RoleNames);

5. Paste the script into the script field

6. Click Save

Description

Add a description to distinguish the application in the interface.

1. Add Description

2. Click Description

3. Enter information as needed.

4. Upload a suitable logo

5. Click Save

Configuring ASM for SAML and Centrify

The configuration of Synthetic Monitoring for https://www.centrify.com/ follows the general process.

To access the SSO settings in ASM, click the button in the top right corner of the User view.

The SSO view contains all settings needed to connect a user account with a SAML provider account.

Configuration

1. Enable

The Enabled section contains a setting for enabling or disabling Single Sign-On for the account and applies to the current account only.

2. Identity Provider

The Identity Provider section contains settings for connection to the SAML provider.

2.a. Use SAML Metadata URL

If the SAML provider has a SAML metadata URL, you can use that. The needed login URL and certificate will be extracted automatically.

2.b. Specify Settings

For other SAML providers, you may need to specify settings manually.