SAML with Centrify

Step 1: Log in to your Centrify Admin portal and click Apps. Select Add Web Apps.

Step 2: Navigate to the Custom tab and click Add on the SAML app.

Step 3: Enter an application ID for the new app and click Save.

Step 4: Navigate to the Trust tab. Choose Manual Configuration in the Service Provider Configuration tab. Enter your authorization domain followed by /cdn-cgi/access/callback in both the SP Entity ID and Assertion Consumer Service (ACS) URL fields. Click Save.

Step 5: Navigate to the User Access tab and click Add. You can assign access to the application to users with specific roles.

Step 6: Go to the SAML Response tab. Click Add to create a new attribute called email and pass the email of the user as its value. Click Save.

Step 7: Navigate to the Trust tab to get the identity provider information. Download the metadata XML file. Navigate to the Access tab and upload the metadata.

Step 8: If you choose to enter the information manually, select Manual Configuration and enter the following information from the Centrify portal in the Cloudflare Access modal.

  • Provider Name: Name your identity provider.
  • Single Sign on URL: Copy the Single-Sign-On URL.
  • IdP Entity ID: Copy the IdP Entity ID / Issuer.
  • Signing Certificate: Download the certificate and copy the value between Begin Certificate and End Certificate.

Step 9: Finally, enter email as Email attribute in SAML assertion field. Click Save and close.