Configuring PeopleHR and Centrify using SAML

Configuring PeopleHR and Centrify using SAML

By Centrify ‎08-10-2018 03:07 AM


Centrify Tenant – Free trial available:

PeopleHR Tenant


Step 1.  Authenticate to your Centrify Tenant.


Add a new application. From the Admin portal, select Apps, “Add Web Apps”


Screen Shot 2018-08-07 at 13.01.44.png


Under Custom > Select SAML


Screen Shot 2018-08-07 at 13.02.47.png 


Within the application Configuration Options.


Settings \ Name = PeopleHR (Cosmetic – this is your choice of name)


Screen Shot 2018-08-07 at 13.04.36.png


Under Trust \

Download the metadata file (this is required later)


Screen Shot 2018-08-07 at 13.05.07.png


Service Provider Configuration

Select “Manual Configuration”


Screen Shot 2018-08-07 at 13.06.37.png



Complete the following fields as follows:


SP Entity ID / Issuer / Audience = test-app-peopleweb

Assertion Consumer Service (ACS) URL = https://{replace-with-your-domain-name}


Sign Response or Assertion? = Assertion


NameID Format = emailAddress


Screen Shot 2018-08-07 at 13.12.38.png


Step 2 – Associate PeopleHR to your users.


Within the application, select permissions and add the role for accessing the application. In this example I am associating PeopleHR with the “Everybody”


Screen Shot 2018-08-07 at 13.21.09.png


Screen Shot 2018-08-07 at 13.21.20.png





Step 3 - Authenticate to PeopleHR


 Screen Shot 2018-08-07 at 13.14.10.png


Under Settings \ Company \ Upload the metadata XML file previously downloaded


Screen Shot 2018-08-07 at 13.15.32.png


Step 4 – Test The authentication


Log into the Centrify Portal, click on “PeopleHR” and you experience SSO to PeopleHR


Screen Shot 2018-08-07 at 13.23.30.png


Screen Shot 2018-08-07 at 13.27.11.png


Screen Shot 2018-08-07 at 13.28.02.png


Log out of all windows, go to your PeopleHR tenant address , select sign in, you will be redirected to the Centrify Portal as your Identity Provider. Enter you credentials to gain access to People HR.


Screen Shot 2018-08-07 at 13.29.37.png

Step 5 – Customise the icon (Optional).


Customise the People HR Icon. Obtain a PeopleHR icon (Favourite search engine).

Within the Centrify Portal, select the PeopleHR Application.

Under Logo, select browse, and select the icon.


Screen Shot 2018-08-07 at 13.33.39.png


Reload the screen in your user portal for the changes to take effect.


Screen Shot 2018-08-07 at 13.34.11.png


Step 6 – MFA (Optional)


Increase the security posture by applying MFA for access to PeopleHR requiring users to provide a second factor.


Centrify Portal \ Apps \ PeopleHR \ Policy


Screen Shot 2018-08-10 at 08.55.56.png


There are numerous options for configuring MFA, these include conditional based access as shown below, you might decide that when a user is on a trusted device or in the corporate office not to prompt for MFA, but when they are working remotely they should be challenged.


Screen Shot 2018-08-10 at 08.57.49.png


In this example, we are going to prompt for MFA every time a user accesses PeopleHR and create a new authentication profile to detail the steps require.


Under policy. Select “Default Profile”


Screen Shot 2018-08-10 at 09.01.10.png



Select “Add new profile”


Screen Shot 2018-08-10 at 08.59.56.png


Provide a name for the Authentication Profile eg “PeopleHR” and select the required Authentication Mechanisms. I have selected all options apart from password. This will provide the users with a list of authentication mechanisms based on those mechanisms they have available.


Screen Shot 2018-08-10 at 09.04.49.png


Exit and save


Step 7 – User Ability testing


Authenticate to the Centrify portal.


Screen Shot 2018-08-10 at 09.12.03.png


Click on PeopleHR App


Screen Shot 2018-08-10 at 09.12.36.png


Select your chosen authentication mechanism, in this example I am selecting Text Message.


Screen Shot 2018-08-10 at 09.12.59.png


Click on the text message via push notification and approve the authentication request


Screen Shot 2018-08-10 at 09.20.47.png


You have now authenticated to PeopleHR using a second factor of authentication.


Screen Shot 2018-08-10 at 09.21.59.png


Configuration Complete. 


To see how this looks for an end user, the following 3 minute video clip demonstrates the end users experience. 




Showing results for 
Search instead for 
Do you mean 

Community Control Panel