Configuring Single Sign On with Centrify

 

Customers on select Highfive plans have the ability to configure Single Sign On (SSO). For general information about SSO, please refer to this main article

 

To configure SSO with Centrify, you'll need to be logged into your Highfive Admin Dashboard, as well as your Centrify dashboard. 

 

 

Create a new application in Centrify

  1. In the top menu bar, click Apps, and then Add Web App





  2. Click on the Custom tab, then click on SAML.



  3. On the next screen, click Yes



  4. Lastly, click Close on this page to bring you to the configuration section of your newly created app. 



  5. On the left hand side of the screen, click on Description. Name the application, give it a description of your choice.
  6. If you desire, you can upload the Highfive logo below to make your app more easily identifiable:





  7. Next, configure the app. On the left hand side of the screen, click on Application Settings. 
  8. In the field marked Assertion Consumer Service URL, paste your Highfive SSO URL, found under the Authentication tab in your Highfive Admin Dashboard



  9. Next, add your custom parameters. Highfive requires two separate fields for the principal first name and last name. The default "out of the box" Centrify configuration provides for only a single field for principal display name as you can see below:

    Centrify_Users_Account_Settings.png

  10. To configure Centrify as a SAML Identity Provider for use with Highfive, you must modify the directory schema to provide the name in two fields, firstname (user.firstName) and lastname (user.lastName). 
  11. Now, you must provide Highfive with your SAML information. First, click on Application Settings in Centrify, then in another tab, open the Authentication tab of your Highfive Admin Dashboard. You'll want to copy and paste the information from Centrify into Highfive. Some of the names might be slightly different, so here's a conversion chart to help you out:

    Name in Highfive Name in Centrify
    SAML Provider URL Identify Provider Sign-in URL
    SAML Provider Issuer Issuer
    SAML Provider X.509 Certificate Signing certificate


  12. Copy and paste the information you've collected into the corresponding fields within your Highfive Admin Dashboard

    Authentication_Blank.png

  13. To get your X.509 certificate, you'll need to click Download Signing Certificate. Then, open this file in a text enditor and copy the entire contents of the file, including the BEGIN CERTIFICATE & END CERTIFICATE lines. From there, you can paste it into the Highfive Admin Dashboard. 

 

 

 

Test the configuration 

 

Make sure all of the information has been provided correctly by clicking 'Test Configuration.' If everything is correct, you'll get this success message: 

 

 

 

 

Apply the configuration

 

This is important, as nothing will be saved if you don't click Apply configuration

 

And that's it! From now on, when your users go to login to Highfive, they'll be redirected to an Centrify sign in flow. They'll login with their Centrify credentials, and then be redirected back to the app. 

 

Brian Huynh -

Still have questions?

We're here to help

Powered by Zendesk