Centrify is a comprehensive suite of free Active Directory-based integration solutions for authentication, single sign-on, remote access and file-sharing for heterogeneous systems.

Prerequisite

  • Partners must register with OpsRamp to get OpsRamp login credentials.
  • Provide your custom branding URL (such as <yourwebsitename>.opsramp.com).

Centrify configuration

To configure:

  1. Log into Centrify.
  2. Go to Apps > Add Web Apps > OpsRamp.
  3. From Custom App, click the SAML template and click Add.
  4. In Service Provider Info, enter:
    • Consumer service URL: https://<opsrampclientbrandingname>.opsramp.com/samlResponse.do
    • Issuer: https://<opsrampclientbrandingname>.opsramp.com/saml.do
  5. In Application Settings, enter:
    • Sign in URL
    • Error URL
    • Sign out URL
    • SAML Meta data URL
  6. Download the Centrify signing certificate (saved with the .cer extension). The certificate is used for the OpsRamp configuration.
  7. Enter the following and Save:
    • Description: Enter a description for the SAML app.
    • User Access: Grant users permission to install the OpsRamp web app.
    • Account Mapping: Map the added OpsRamp web app to the user accounts with a mapping script and

OpsRamp configuration

To configure SSO integration:

  1. From All Clients, select a client.

  2. Go to Setup > Account.

  3. Select the Integrations and Apps tab.

  4. The Installed Integrations page displays all the installed applications. Note: If there are no installed applications, the Available Integrations and Apps page is displayed instead.

  5. Click + ADD on the Installed Integrations page. The Available Integrations and Apps page displays all the available applications along with the newly created application with the version.
    Note: You can also search for the application using the search option or the All Categories option.

  6. From Available Integrations and Apps, click +ADD on Centrify and click Install.

    SSO - Tenant unique prefix
  7. Enter:

    • Issuer URL: Identity provider Issuer URL
    • Redirection URL: SAML EndPoints for HTTP
    • Logout URL: URL for logging out
    • Certificate: x.509 Certificate

  8. Provision Username as: There are two ways to provision a user:

    • Identity Provider’s Name Identifier: This option is selected by default. The user created in the SSO portal is reflected in OpsRamp.

    • Identity Provider’s Name Identifier with OpsRamp tenant-unique prefix: This option allows you to:

      • Create usernames with a unique 3-digit alphanumeric prefix that is generated automatically by the system.
      • Install the same identity provider across multiple OpsRamp tenants.
        Note: Once you enable this option and install the integration, you cannot revert your changes.
        Example: There are three partners, Partner P1, P2, and P3. Each partner has usernames created with a unique 3-digit alphanumeric prefix, like g0z.username1 for partner P1, p0w.username1 for partner P2, and t9q.username1 for partner P3.

      After installing the integration, when you click the integration name in the Configuration tab, the User Provision section will show the unique tenant prefix.

      User Provision - Tenant prefix
  9. Click Install.

    User Provision:

    Select the following details and click Save:
    • Provision Type: SCIM. When configuring the integration, select SCIM as the Provision Type to synchronize users and groups when provisioning occurs. If you select JIT as the provision type, a JIT user is created during user login.
    • Default Role: The required user role.

  10. Copy the URL and Token information. These details are used when configuring Azure AD Provisioning settings.

  11. Define the following Map Attributes:

    Role mapping is required for groups and users.

    User:

    1. Select OpsRamp Entity as User and OpsRamp Property as Role.
    2. Click +. The Create User Mapping on Role popup is displayed.

    a. Third-party Entity: Enter the value.
    b. Third-party Property: Enter the value.
    OpsRamp Entity and OpsRamp Property are populated automatically.
    Under Add Property Values:
    c. Third-party Property Value: Enter the value that comes from the Azure side (from the payload).
    d. OpsRamp Property Value: Select the appropriate role corresponding to the Third-party Property Value. To add more property values click +.
    e. Click Save. The mapping is saved and displayed.

    Similarly, map attributes for other entities like First Name, Last Name, Mobile Number, Phone, Email, etc.

    User Group:

    1. Select OpsRamp Entity as User Group and OpsRamp Property as Role.
    2. Click +. The Create User Group Mapping on Role popup is displayed.

    a. Third-party Entity: Enter the value.
    b. Third-party Property: Enter the value.
    OpsRamp Entity and OpsRamp Property are populated automatically.
    Under Add Property Values:
    c. Third-party Property Value: Enter the value that comes from the Azure side (from the payload).
    d. OpsRamp Property Value: Select the appropriate role corresponding to the Third-party Property Value. To add more property values click +.
    e. Click Save. The mapping is saved and displayed.

If the Role is not configured in the Map Attributes section, the Default Role provided in User Provision is used for SSO.
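
The signing certificate downloaded from Centrify (the .cer file) is what goes into the Certificate field on the OpsRamp side, so it is worth checking the file before uploading it. The following is an added example, not part of the original page or of either product: it accepts a .cer file in DER or PEM form, rejects truncated files and files that carry a private key, and returns the PEM text plus a SHA-256 fingerprint that can be compared with the identity provider's copy. The function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def der_outer_length_ok(der: bytes) -> bool:
    """True if the blob is one DER SEQUENCE whose declared length spans the whole file."""
    if len(der) < 2 or der[0] != 0x30:        # 0x30 = ASN.1 SEQUENCE tag
        return False
    first = der[1]
    if first < 0x80:                          # short form: length fits in one byte
        header, body = 2, first
    else:                                     # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + body == len(der)


def normalize_signing_cert(raw: bytes) -> dict:
    """Accept .cer content in DER or PEM form; return PEM text and SHA-256 fingerprint."""
    if b"PRIVATE KEY" in raw:                 # PEM key marker: must never reach the SP
        raise ValueError("file contains a private key, expected a certificate only")
    text = raw.strip()
    if text.startswith(PEM_HEADER):
        if text.count(PEM_HEADER) != 1:
            raise ValueError("expected exactly one certificate in the file")
        der = ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    else:
        der = raw
    if not der_outer_length_ok(der):
        raise ValueError("not a single complete DER certificate (truncated or trailing data)")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return {"pem": ssl.DER_cert_to_PEM_cert(der), "sha256": fingerprint}


# Constructed placeholder bytes with a valid outer DER header, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")
```

The structural check only confirms that the file is one complete DER object; it does not validate the certificate's contents or expiry.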