Follow Centrify's instructions to add a custom SAML application.
Under Identity Provider Configuration and Metadata, copy the URL - this is your metadata URL that you'll need to send over to Benchling.
Under Service Provider Configuration, select Manual Configuration. You'll need the following information (replace "YOURDOMAIN" with your subdomain):
- SP Entity ID/ Issuer /Audience: https://YOURDOMAIN.benchling.com/ext/saml/metadata.xml
- Assertion Consumer Service (ACS) URL: https://YOURDOMAIN.benchling.com/ext/saml/signin:finish
- Recipient Same as ACS URL: leave checked
- Sign Response or Assertion: select Response
- <NameID> Format: unspecified
- Encrypt SAML Response Assertion: leave unchecked
- Relay State: leave empty
- Authentication Context Class: unspecified
On the SAML Response page, in the Attributes section, add the following attributes (Attribute Name as Attribute Value shown below):
- firstName as LoginUser.FirstName
- lastName as LoginUser.LastName
- email as LoginUser.Email
Once configured, return to https://help.benchling.com/saml-sso-setup/saml-single-sign-on and continue from Step 2.