.png)
SafeTitan supports the OIDC federation protocol for SSO integration with Centrify. The configuration steps for setting up this integration are listed below. It is broken into 2 steps :-
- Register Application in your Centrify administration portal.
- Update Authentication Settings in your SafeTitan portal.
Register Application in Centrify Admin Portal
The first step is to register the SafeTitan application within your Centrify portal. This will generate an application id and allow for your application to receive security tokens. Basically when the SafeTitan application provides the generated application ID during the authentication flow, Centrify will provide a level of trust by providing the authenticated security token to SafeTitan to progress with login. The steps involved in registering the application are listed below:-
- Sign in to your Centrify admin portal.
- Within the main navigation, select Web Apps
- Click the button Add Web Apps
- Click the Custom tab and select the Add button next to OpenID Connect
- Click yes to create the application.
- Give the application a name such as SafeTitan
- Select the trust tab. In this tab, make note of the Client ID, Client Secret and Issuer URL. These fields will be needed when configuring the application on the SafeTitan portal.
- Still within the trust tab, add the Resource Application URL : https://{your-company-name}.safetitan.com
- Still within the trust tab, add the Authorized Redirect URIs:
- https://{your-company-name}.safetitan.com
- https://{your-company-name}.safetitan.com/auth/osignedin
- Click Save
- Within the tokens tab, overwrite the script content with the script below.
/* SCRIPT START*/
setIssuer(Issuer);
// Claims "email" & "email_verified" will only be set
// if "email" is specified in scope.
var email = LoginUser.Email;
setClaim('email', email);
setClaim('name', email);
setClaim('preferred_username', email);
setClaim('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier', email);
setClaim('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name', email);
// Script End
- Click Save
- In order to allow users in your centrify directory to have access to the SafeTitan application, navigate to roles and select the roles you wish to give access to - we will use Everyone in this example.
- Select the role, and select Assigned applications. Assign the SafeTitan application to the role and click save.
- Navigate back to the application registration in the Web Apps tab. Select the SafeTitan application and then the permissions tab.
- Check the Grant checkbox next to the role and click Save. This completes the registration on the Centrify portal.
Configuration on SafeTitan
The last step is to add the minimal configuration needed to your SafeTitan portal.
- Login to your SafeTitan portal as an administrative user.
- From the menu on the left, select Settings and then Authentication Settings
- From the Authentication Type drop-down, select OpenID.
- For each of the fields, provide the values:
- Post logout redirect URI : https://{your domain name}.safetitan.com/auth/osignedin
- Redirect URI: https://{your domain name}.safetitan.com/auth/osignedin
- Authority: Your Issuer URI from the Centrify admin portal.
- Client Id: This should be the Client Id field you will have been provided with from the Centrify application registration. See above.
- Client Secret: This should be the Client Secret field you will have been provided with from the Centrify application registration. See above.
- Domain Hint: your-domain.com
- Username Claim: This will default to preferred_username but can be updated to a claim of your choosing, for example the UPN claim would be: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
- Click Save
This concludes the setup. Please note that it may take one day for the changes to take effect,
 1.png)