Partners are responsible for the following:
- Providing you with their IDP metadata.
- Providing you with the group attribute value(s) that they will pass in their SAML tokens. See Understanding group attribute values to roles mapping .
Configuring their IDP to pass SAML tokens to you:
- If your partner is using an external IDP, see our support Knowledge Base article for ADFS configuration information.
- If your partner is using another Centrify tenant, they can easily do this by deploying the Centrify B2B SAML application. See Custom SAML applications.
- SAML payload must contain a raw digital key in the signature element.
Service Providers (SPs) are responsible for the following:
- Providing the SP metadata to your partner. See Providing the Service Provider metadata .
- Adding the partner in Admin Portal. See Adding a partner. You will need the IDP metadata and the group attribute value from your partner before you can complete this task.
- Assigning your groups to roles in Admin Portal. See Assigning host groups to roles.
- Mapping of the global group attribute (for all your partners) to your groups. See Mapping of global group attributes.
- Specifying multi-factor authentication (MFA) for partner logins. See Specifying partner MFA requirements.