Single Sign-On (SSO)
      Back to home
      1. Help Docs
      2. Administration
      3. Single Sign-On (SSO)

      Configuring Prendio with Centrify SSO Authentication

      This document details the configuration of Centrify Single Sign-On (SSO) Authentication for Prendio and enabling SSO authentication for a Prendio User.

       
      Prerequisites:
      • This configuration requires that a SSO service, such as Centrify, is available to your company. The company IT Department normally sets this up and provides the technical details. An overview of creating a Centrify SAML application is available in this help doc.
      • A Prendio user with the Admin role is required to complete this process
      • If the SSO radio button is not available for an Admin to select, then the feature must be requested for the Company account. Contact Prendio Technical Support at support@prendio.com

       

      An admin for Centrify will need to create a SAML application that will be used for the authentication. That application will need the following fields and values:

       SP Entity ID / Issuer / Audience https://procure.prendio.com
       Assertion Consumer Service (ACS) URL https://procure.prendio.com/sso/auth
       Receipt (Same as ACS URL)
       
      After the Centrify configuration is complete, the Company Admin should first test the configuration by selecting SSO for a different Prendio User. This way in the event of a mistake, the Admin is not locked out and the test user can be configured for Prendio Authentication while the issue is resolved.
       
      Enabling SSO Integration for Your Prendio Company
       

      1. Go to [Admin > General] and click the User Authentication section

      2. Select the Single Sign-On radio button, select "SAML 2.0" in the the Single sign-on authentication field, and select "Centrify" in the Identity Provider field

      3. The Company IT and Prendio Admin then need to input the SAML Metadata URL in that field and click the Load URL button. After clicking that button, the Identity Provider Login UrlIdentity Provider entity ID, and the Identity Provider Certificate fields will automatically populate.

      4. "Email Address" is the Default User Mapping used with Prendio SSO.

      5. Click the Save button.
       
      Whenever the Save button is clicked on this page, a prompt appears asking how to proceed with initial user configuration:
       
       
      You can apply SSO authentication to all users or configure each user manually. See the next section for information on manually configuring authentication for each user.
       

      Enabling SSO Authentication for a User

      6. Edit an account under [Admin > Users] and click the Authentication section

      7. Select "SSO" in the Auth Metod field

      8. Enter the user's email address in the IdP Username field. Note that the email address for this field is case sensitive depending how Centrify is configured
      9. Click the Save button