Configuring PeopleHR and Centrify using SAML


By Centrify ‎08-10-2018 03:07 AM

Prerequisites.

Centrify Tenant – Free trial available: https://www.centrify.com/free-trial/

PeopleHR Tenant

 

Step 1.  Authenticate to your Centrify Tenant.

 

Add a new application. From the Admin portal, select Apps, then “Add Web Apps”.

 


 

Under Custom, select SAML.

 


 

Within the application configuration options:

 

Settings \ Name = PeopleHR (Cosmetic – this is your choice of name)

 


 

Under Trust \

Download the metadata file (this is required later)

 


 

Service Provider Configuration

Select “Manual Configuration”

 


 

 

Complete the fields as follows:

 

SP Entity ID / Issuer / Audience = test-app-peopleweb

Assertion Consumer Service (ACS) URL = https://{replace-with-your-domain-name}.peoplehr.net/Pages/Saml/Consume.aspx

 

Sign Response or Assertion? = Assertion

 

NameID Format = emailAddress

 


 

Step 2 – Associate PeopleHR to your users.

 

Within the application, select permissions and add the role for accessing the application. In this example I am associating PeopleHR with the “Everybody”

 


 

Save 

 

 

Step 3 - Authenticate to PeopleHR

 


 

Under Settings \ Company, upload the metadata XML file previously downloaded.

 


 

Step 4 – Test the authentication

 

Log into the Centrify Portal and click on “PeopleHR”; you are signed in to PeopleHR through SSO.

 


 

Log out of all windows, go to your PeopleHR tenant address and select sign in. You will be redirected to the Centrify Portal as your Identity Provider. Enter your credentials to gain access to PeopleHR.

 


Step 5 – Customise the icon (Optional).

 

Customise the PeopleHR icon. Obtain a PeopleHR icon (for example, via your favourite search engine).

Within the Centrify Portal, select the PeopleHR Application.

Under Logo, select browse, and select the icon.

 


 

Reload the screen in your user portal for the changes to take effect.

 


 

Step 6 – MFA (Optional)

 

Increase the security posture by applying MFA for access to PeopleHR, requiring users to provide a second factor.

 

Centrify Portal \ Apps \ PeopleHR \ Policy

 


 

There are numerous options for configuring MFA, including conditional access. You might decide not to prompt for MFA when a user is on a trusted device or in the corporate office, but to challenge them when they are working remotely.

 


 

In this example, we are going to prompt for MFA every time a user accesses PeopleHR and create a new authentication profile to detail the steps required.

 

Under Policy, select “Default Profile”.

 


 

 

Select “Add new profile”

 


 

Provide a name for the Authentication Profile, e.g. “PeopleHR”, and select the required Authentication Mechanisms. I have selected all options apart from password. This will provide the users with a list of authentication mechanisms based on those mechanisms they have available.

 


 

Exit and save

 

Step 7 – User Ability testing

 

Authenticate to the Centrify portal.

 


 

Click on PeopleHR App

 


 

Select your chosen authentication mechanism; in this example I am selecting Text Message.

 


 

Click on the text message via push notification and approve the authentication request

 


 

You have now authenticated to PeopleHR using a second factor of authentication.

 


 

Configuration Complete. 

 

To see how this looks for an end user, the following 3-minute video clip demonstrates the end user's experience.

 

https://www.youtube.com/watch?v=_U5AwVm6qJY&feature=youtu.be 

 

 

 
