
Configuring Centrify Identity Platform to communicate with JSA

Ensure that you have the Tenant ID and admin login details that are supplied by Centrify. Ensure that you have the correct user permissions for the Centrify admin portal to complete the following steps:

To send events to JSA from your Centrify Identity Platform, create a user role and configure a user policy on your Centrify Identity Platform. The JSA user can then create a log source in JSA.

  1. Log in to your Centrify Identity Platform admin portal.
  2. Create a Centrify Identity Platform user role:
    1. From the navigation pane, click Roles > Add Role.

    2. In the Name field, type the name for the role.

    3. Select Members, and then click Add.

    4. In the Add Members window, search for the user name to assign to the role, and then select the member.

    5. Click Add.

    6. Select Administrative Rights, and then click Add.

    7. From the Description list, select Read Only System Administrator.

    8. Click Save.

  3. Create an authentication profile:
    1. From the navigation pane, click Settings > Authentication.

    2. From the Platform menu, click Authentication Profiles.

    3. Click Add Profile, and then type a name for the profile in the Profile Name field.

    4. From the Challenge 1 pane in the Authentication Mechanisms window, select Password.

    5. From the Challenge Pass-Through Duration list, select 30 minutes, and then click OK. The default is 30 minutes.

    Note:

    Do not select any options from the Challenge 2 pane in the Authentication Mechanisms window. Select options only from the Challenge 1 pane.

  4. Configure a user policy:
    1. From the navigation pane, click Policies > Add Policy Set.

    2. From the Policy Setting pane, type a name for the policy in the Name field.

    3. From the Policy Assignment pane, click Specified Roles.

    4. Click Add.

    5. From the Select Role window, select the role that you created in Step 2 from the Role list, and then click Add.

    6. From the Policy Settings menu, select Login Policies > Centrify Portal.

    7. From the Enable authentication policy controls window, select Yes.

    8. From the Default Profile pane, select the authentication profile that you created in Step 3 from the Default Profile list.

    9. Click Save.

    Note:

    If you have difficulty when configuring your Centrify Identity Platform to communicate with JSA, contact your Centrify administrator or your Centrify contact.

Centrify Identity Platform sample event message

Use this sample event message as a way of verifying a successful integration with JSA.

The following table provides a sample event message when you use the Centrify Identity Platform REST API protocol for the Centrify Identity Platform DSM:

Table 1: Centrify Identity Platform Sample Message Supported by Centrify Identity Platform

| Event name | Low level category | Sample log message |
|---|---|---|
| Cloud.Core.Login.MultiFactorChallenge | User Login Attempt | {"RequestIsMobileDevice": false,"AuthMethod": "MultiAuth","Level": "Error","UserGuid": "c2c7bcc6-9560-44e0-8dff-5be221cd37ee","Mechanism": "EMail","Tenant": "AAM0428","FromIPAddress": "<IP_address>","ID": "772c2e1908a4f11b.W03.c5ab.a936852233b2232d","RequestDeviceOS": "Windows","EventType": "Cloud.Core.Login.MultiFactorChallenge","RequestHostName": "192.0.2.1","ThreadType": "RestCall","UserName": "username@example.com","NormalizedUser": "username@example.com","WhenLogged": "/Date(1472679431199)/","WhenOccurred": "/Date(1472679431199)/","Target": "username@example.com"} |