Using Centrify as your IdP
  • 29 Jun 2021

Article summary

To set up Federated Authentication with Centrify, log in to your admin account, add a new web app, select SAML, and configure the Service Provider settings. Assign user permissions in Mambu under Federated Authentication. Enable Single Sign-On with manual settings, enter IdP details, download the Signing Certificate, and test the SSO connection. Save changes once successful. To map roles and store user details in Mambu, add specific attributes to the SAML Response.

Setting up Federated Authentication with Centrify

  1. Log in to your Centrify admin account and go to Web Apps > Add Web Apps > Custom > SAML > Add.

Add Web apps screen

  2. Select the newly created application and go to Trust.

Trust screen with Identity provider configuration and service provider configuration sections visible

  3. In both the Identity Provider Configuration and the Service Provider Configuration sections, select the Manual Configuration option and add the following configuration for Service Provider Configuration.
  4. Assign a user to the application by adding permissions:

permissions screen

  5. In Mambu, navigate to Administration > Access > Federated Authentication and select the Enable Single Sign-On check box, with the Manual Settings option selected as well.
  6. Enter the Name you would like to use for your IdP.
  7. For the Single Sign-On Endpoint, enter the Single Sign On URL from the Centrify Identity Provider Configuration section.
  8. Download the Signing Certificate from the Identity Provider Configuration section.
  9. For the Certificate Fingerprint, enter the value returned by the following command:

     openssl x509 -noout -fingerprint -sha256 -inform pem -in {/path/to/certificate-file.crt}

     Do not forget to replace the placeholder above with the correct certificate name / path.

  10. For Issuer ID, enter the Entity ID from IdP Entity ID / Issuer (Centrify Provider Configuration section).

Mambu Administration screen with all relevant fields filled in

  11. Select Test SSO Connection and enter the username and password of the assigned user account.
  12. Once you are sure you have a successful setup, you can select Save Changes.

Role assignment

SAML Response settings screen

To map the roles from IdP to Mambu and to have the user details such as email, first name, last name stored in Mambu, the following attributes must be added to the SAML Response:

Attribute Name    Attribute Value
Email             LoginUser.Email
First Name        LoginUser.FirstName
Last Name         LoginUser.LastName
RoleID            LoginUser.RoleNames

LoginUser.RoleNames will contain the list of the user's role names, the first of which will be used in Mambu.
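Because only the first role name is used, the order of values in RoleID decides which role a user receives. The following check is an added example, not part of the original article or of Mambu's or Centrify's tooling: it reads the AttributeStatement of a decoded SAML Response captured from your own test login, reports any of the four attributes that are missing, and shows which role would be applied and which would be ignored. It assumes that multiple roles arrive as separate AttributeValue elements; the sample XML and the function names are constructed for illustration, and the script does not verify the response signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
# Attribute names taken from the table in this article.
REQUIRED = ("Email", "First Name", "Last Name", "RoleID")

# Constructed sample: AttributeStatement from a decoded test SAML Response.
SAMPLE = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="Email">
    <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="First Name">
    <saml:AttributeValue>Jane</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="Last Name">
    <saml:AttributeValue>Doe</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="RoleID">
    <saml:AttributeValue>Teller</saml:AttributeValue>
    <saml:AttributeValue>Administrator</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def read_attributes(xml_text):
    """Return {attribute name: [non-empty values]} for every SAML Attribute."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    return attrs

def check_mapping(xml_text):
    """Report missing attributes and the role that would be applied."""
    attrs = read_attributes(xml_text)
    roles = attrs.get("RoleID", [])
    return {
        "missing": [name for name in REQUIRED if not attrs.get(name)],
        "effective_role": roles[0] if roles else None,  # first role wins
        "ignored_roles": roles[1:],  # present in the response but not applied
    }

if __name__ == "__main__":
    print(check_mapping(SAMPLE))
```

A non-empty ignored_roles list is worth reviewing: if the role listed first is broader than intended, the user is granted it regardless of the roles that follow.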

