This article covers a feature that is available for customers who have upgraded to our Standard or Professional plans. Learn more here.
Below is information on setting up Single Sign ON (SSO) with Centrify. For general information about SSO, please refer to this main article.
To configure SSO with Centrify, you'll need to be logged into your Domain Dashboard in Highfive, as well as your Centrify dashboard.
Step 1: Create a new application in Centrify
In the top menu bar, click Apps, and then Add Web App.
Step 2: Click on the tab that says Custom, then click on SAML
On the next screen, click yes.
Lastly, click Close on this page to bring you to the configuration section of your newly created app.
Step 3: Add an app description
On the left hand side of the screen, click on Description. Name the application, give it a description, and upload the below logo if you choose.
Step 4: Configure the application
On the left hand side of the screen, click on Application Settings. In the field marked Assertion Consumer Service URL, paste your Highfive SSO URL, found under the Authentication tab in your Highfive Domain Dashboard.
Step 5: Add customer parameters
Highfive requires two separate fields for the principal first name and last name. The default "out of the box" Centrify configuration provides for only a single field for principal display name as you can see below:
To configure Centrify as a SAML Identity Provider for use with Highfive, you must modify the directory schema to provide the name in two fields, firstname (user.firstName) and lastname (user.lastName).
Step 7: Provide Highfive with your SAML information
First, click on Application Settings in Centrify, then in another tab, open the Authentication tab of your Highfive Domain Dashboard. You'll want to copy and paste the information from Centrify into Highfive. Some of the names might be slightly different, so here's what you're looking for.
|Name in Highfive||Name in OneLogin|
|SAML Provider URL||Identity Provider Sign-in URL|
|SAML Provider Issuer||Issuer|
|SAML Provider X.509 Certificate||Signing certificate|
As a note, to get your X.509 certificate, you'll need to click Download Signing Certificate. Then, open this file in a text enditor and copy the entire contents of the file, including the BEGIN CERTIFICATE & END CERTIFICATE lines. From there, you can paste it into Highfive.
Lastly, paste that information into the appropriate fields below:
Step 9: Test the configuration
Make sure all of the information has been provided correctly by clicking 'Test Configuration.' If everything is correct, you'll get this success message:
Step 10: Click apply configuration
This is important, as nothing will be saved if you don't click Apply configuration.
And that's it! From now on, when your users go to login to Highfive, they'll be redirected to an Centrify sign in flow. They'll login with their Centrify credentials, and then be redirected back to the app.