Setting up Centrify as an Identity Provider (IdP) is less straightforward than with other IdPs.
Spoiler Alert: Using the automated configuration approach (IdP metadata URL) for Centrify within ParkMyCloud is the preferred approach.
First, let's do some minor setup within ParkMyCloud.
- Go to Settings > Single Sign-On (SSO) with SAML. Activate it. We suggest "Allowed for all users", which allows both local accounts and SSO accounts, particularly if you already have local login users.
- You also may want to replace the "Unique name" with something more human readable. Here we changed it to "centrify-test".
- You might also want to pick a default team to bring users into the platform. We left that blank for now.
- Lastly, you'll want to choose "Automatic from IdP metadata URL" for the IdP configuration.
- Copy the SP ACS URL.
That's all we can do for now until we configure Centrify, so jump over to Centrify.
To configure Centrify, you will need admin permissions. Log in to Centrify with the appropriate credentials and switch to "Admin" mode.
Once you are logged in as admin, select the "Apps" tab at the top of the screen and click on the "Add Web Apps" button.
This will open up a modal for Centrify's Application Catalog. Select "Custom", then scroll down until you see "SAML". Click on the "Add" button.
Then click "Yes" to add this template.
You are all done with the catalog, so click "Close".
Once the modal is closed, you will be in application configuration mode, starting on the "Application Settings" page. Here you will need to do a couple of things:
- In the "Assertion Consumer Service URL" box, paste in the "SP ACS URL" you copied from ParkMyCloud
- Come back to Centrify and scroll to the bottom of this page.
- Copy the "Identity Provider SAML Meta data URL".
- Then go to ParkMyCloud and paste it into the "IdP metadata URL" box.
- Click "Save Changes".
- If you get no errors, then the ParkMyCloud part of the configuration is done. However, we need to finish configuring Centrify.
- So, go back to Centrify.
Back in Centrify, go to the "Description" page. Do the following:
- Type in "ParkMyCloud" for the name of the application
- Type in a description for your users. May we suggest what is shown:
"ParkMyCloud is a SaaS application which allows you to schedule on/off time for your cloud resources to save money."
- You can also upload our logo if you like. It is attached below to this article.
- When you are done, click "Save".
Next go to the "User Access" page to enable access to the application for your users. We suggest "everybody" and "automatic install." Click "Save" when you are done.
Next, go to the "Account Mapping" page. Type in "mail" in the "Directory Service field name" and click "Save".
Lastly, go to the "Advanced" page. Here we will configure the settings and required attribute mappings for ParkMyCloud.
Delete the default script you see there and replace it with what you see. For your convenience, there is a text file at the bottom of this article with these commands in it. You can simply copy the commands from there and paste them in here.
NOTE: If you want to check proper operation, click on the "Test" button. If you get an error, double check to make sure you have copied everything correctly. Otherwise, you should see a modal pop-up, showing a SAML transaction, indicating that things seem to be working okay.
You are all done!
When your users log into Centrify, they should see the ParkMyCloud application on their desktop.
If they double-click on it, they will be logged into ParkMyCloud using what is known as "IdP-initiated SSO".
Conversely, you can give your users the SP Login URL from ParkMyCloud, which they can paste into the browser. This first brings them to the Centrify IdP server, where they are authenticated; they are then logged into ParkMyCloud, using what is known as "SP-initiated SSO".
In either case, the first time they log in, their ParkMyCloud account will be created automatically using "just-in-time" provisioning.