To configure SSO with Centrify, you'll need to be logged into your Highfive Admin Dashboard, as well as your Centrify dashboard.
Create a new application in Centrify
- In the top menu bar, click Apps, and then Add Web App.
- Click on the Custom tab, then click on SAML.
- On the next screen, click Yes.
- Lastly, click Close on this page to bring you to the configuration section of your newly created app.
- On the left hand side of the screen, click on Description. Name the application, give it a description of your choice.
- If you desire, you can upload the Highfive logo below to make your app more easily identifiable:
- Next, configure the app. On the left hand side of the screen, click on Application Settings.
- In the field marked Assertion Consumer Service URL, paste your Highfive SSO URL, found under the Authentication tab in your Highfive Admin Dashboard.
- Next, add your custom parameters. Highfive requires two separate fields for the principal first name and last name. The default "out of the box" Centrify configuration provides for only a single field for principal display name as you can see below:
- To configure Centrify as a SAML Identity Provider for use with Highfive, you must modify the directory schema to provide the name in two fields, firstname (user.firstName) and lastname (user.lastName).
- Now, you must provide Highfive with your SAML information. First, click on Application Settings in Centrify, then in another tab, open the Authentication tab of your Highfive Admin Dashboard. You'll want to copy and paste the information from Centrify into Highfive. Some of the names might be slightly different, so here's a conversion chart to help you out:
Name in Highfive Name in Centrify SAML Provider URL Identify Provider Sign-in URL SAML Provider Issuer Issuer SAML Provider X.509 Certificate Signing certificate
- Copy and paste the information you've collected into the corresponding fields within your Highfive Admin Dashboard:
- To get your X.509 certificate, you'll need to click Download Signing Certificate. Then, open this file in a text enditor and copy the entire contents of the file, including the BEGIN CERTIFICATE & END CERTIFICATE lines. From there, you can paste it into the Highfive Admin Dashboard.
Test the configuration
Make sure all of the information has been provided correctly by clicking 'Test Configuration.' If everything is correct, you'll get this success message:
Apply the configuration
This is important, as nothing will be saved if you don't click Apply configuration.
And that's it! From now on, when your users go to login to Highfive, they'll be redirected to an Centrify sign in flow. They'll login with their Centrify credentials, and then be redirected back to the app.