The Centrify integration uses OpenID Connect to allow your users to login to Halo using their Centrify account. To enable this, you must first configure an app record in Centrify.
Start by opening the Centrify management portal and navigating to Apps > Web Apps. Click Add Web Apps which will bring up the app catalogue. Click the Custom tab, and then select OpenID Connect as your template. Click yes when asked if you want to add this application.
Upon confirmation, your app will be available in your list of web apps in Centrify, and you will be redirected to its setup screen automatically. You must first choose an application ID and also a name for the app. You can also add a description and logo if you wish.
Now move onto the trust tab of your application. You will notice that a lot of these values are pre-populated, but some additional changes are required. Firstly, populate the client secret field with a secure value of your choice.
Next you are required to provide the resource application URL, and any authorized redirect uris. To determine these values, open Halo and navigate to Integrations > Halo API. The resource application url is equal to the authorization server value shown in the Halo API setup page:
You must then add an authorized redirect uri which is equal to your authorization server url, followed by /account/centrifyresponse.
This completes the main configuration of the web application in Centrify. You may also need to take some further steps, such as determining which users are allowed to access the application, but this is beyond the scope of this guide.
To enable the Centrify integration in Halo, navigate to Integrations where you will find the Centrify module under the Identity Management header. Once the module is enabled, an option will be shown on the login screen to use Centrify as your login method. For this reason, you will not be able to enable the module until it has been completely configured. Click into the module to start configuring it.
Three values are required for Halo to communicate with Centrify successfully. The first is your Centrify URL. Then, your new Centrify web app application ID and client ID can be obtained from the settings and trust tabs respectively. Copy these values into Halo.
You will now be able to enable the module, and start using Centrify as your login method.
This integration has two extra features that you may wish to enable/change. Firstly, it is possible to automatically redirect to Centrify so that users are not shown the Halo login screen. Secondly, you can decide whether agents and/or users are allowed to use Centrify as their login method.