Follow Centrify's instructions to add a custom SAML application.
Under Identity Provider Configuration and Metadata, copy the URL - this is your metadata URL that you'll need to send over to Benchling.
Under Service Provider Configuration, select Manual Configuration. You'll need the following information (replace "YOURDOMAIN" with your subdomain):
-
SP Entity ID/ Issuer /Audience: https://YOURDOMAIN.benchling.com/ext/saml/metadata.xml
-
Assertion Consumer Service (ACS) URL: https://YOURDOMAIN.benchling.com/ext/saml/signin:finish
-
Recipient Same as ACS URL: leave checked
-
Sign Response or Assertion: select Response
-
<NameID> Format: unspecified
-
Encrypt SAML Response Assertion: leave unchecked
-
Relay State: leave empty
-
Authentication Context Class: unspecified
On the SAML Response page, in the Attributes section, add the following attributes (Attribute Name as Attribute Value shown below):
-
firstName as LoginUser.FirstName
-
lastName as LoginUser.LastName
-
email as LoginUser.Email
Once configured, return to https://benchlinghelp.zendesk.com/hc/en-us/articles/9684227694733-Configure-SAML-Single-Sign-On-for-Benchling and continue from Step 2.