Using Centrify as your IdP

Setting up Federated Authentication with Centrify

1. Login to your Centrify admin account and go to Web Apps > Add Web Apps > Custom > SAML > Add.

2. Select the newly created application and go to Trust

3. In both the Identity Provider Configuration and the Service Provider Configuration sections select the Manual Configuration option and add the following configuration for Service Provider Configuration.
4. Assign a user to the application by adding permissions:

5. In Mambu, navigate to Administration > Access > Federated Authentication and select the Enable Single Sign-On check box with the Manual Settings options selected as well.
6. Enter the Name you would like to use for your IdP.
7. Enter the Single Sign-On Endpoint, use the Single Sign On URL (Centrify Identity Provider Configuration section)
8. Download the Signing Certificate from the Identity Provider Configuration section
9. Enter the Certificate Fingerprint with the value of the following command:

openssl x509 -noout -fingerprint -sha256 -inform pem -in {/path/to/certificate-file.crt}

Do not forget to replace the placeholders above with the correct certificate name / path.

10. For Issuer ID, enter the Entity ID from IdP Entity ID / Issuer (Centrify Provider Configuration section)

11. Select Test SSO Connection and enter the username and password of the assigned user account.
12. Once you are sure you have a successful setup, you can select Save Changes.

Role assignment

To map the roles from IdP to Mambu and to have the user details such as email, first name, last name stored in Mambu, the following attributes must be added to the SAML Response:

LoginUser.RoleNames will contain the list of a user's roles names, the first of which will be used in Mambu.