Configuring Single Sign On with Centrify

This article covers a feature that is available for customers who have upgraded to our Standard or Professional plans. Learn more here.

Below is information on setting up Single Sign ON (SSO) with Centrify. For general information about SSO, please refer to this main article

To configure SSO with Centrify, you'll need to be logged into your Domain Dashboard in Highfive, as well as your Centrify dashboard. 

Step 1: Create a new application in Centrify

In the top menu bar, click Apps, and then Add Web App

Step 2: Click on the tab that says Custom, then click on SAML

On the next screen, click yes. 

Lastly, click Close on this page to bring you to the configuration section of your newly created app. 

Step 3: Add an app description

On the left hand side of the screen, click on Description. Name the application, give it a description, and upload the below logo if you choose. 

Square logo:

Step 4: Configure the application

On the left hand side of the screen, click on Application Settings. In the field marked Assertion Consumer Service URL, paste your Highfive SSO URL, found under the Authentication tab in your Highfive Domain Dashboard

Step 5: Add customer parameters

Highfive requires two separate fields for the principal first name and last name. The default "out of the box" Centrify configuration provides for only a single field for principal display name as you can see below:

To configure Centrify as a SAML Identity Provider for use with Highfive, you must modify the directory schema to provide the name in two fields, firstname (user.firstName) and lastname (user.lastName). 

Step 7: Provide Highfive with your SAML information

First, click on Application Settings in Centrify, then in another tab, open the Authentication tab of your Highfive Domain Dashboard. You'll want to copy and paste the information from Centrify into Highfive. Some of the names might be slightly different, so here's what you're looking for. 

Name in Highfive  Name in OneLogin
SAML Provider URL Identity Provider Sign-in URL
SAML Provider Issuer Issuer
SAML Provider X.509 Certificate Signing certificate 

As a note, to get your X.509 certificate, you'll need to click Download Signing Certificate. Then, open this file in a text enditor and copy the entire contents of the file, including the BEGIN CERTIFICATE & END CERTIFICATE lines. From there, you can paste it into Highfive. 

Lastly, paste that information into the appropriate fields below: 

Step 9: Test the configuration 

Make sure all of the information has been provided correctly by clicking 'Test Configuration.' If everything is correct, you'll get this success message: 

Step 10: Click apply configuration

This is important, as nothing will be saved if you don't click Apply configuration

And that's it! From now on, when your users go to login to Highfive, they'll be redirected to an Centrify sign in flow. They'll login with their Centrify credentials, and then be redirected back to the app. 

Have more questions? Submit a request

Comments

Powered by Zendesk