Use your Tenant URL

A tenant is the logical unit that separates subscriber organizations from each other within Centrify cloud service. When users and administrators log into Centrify cloud service, they log in to a specific tenant, and every operation that they perform applies to that tenant alone.

When a company registers with Identity Service, Centrify assigns a unique customer ID, or tenant ID, to each tenant. Identity Service automatically generates a tenant URL for each tenant by prefixing the tenant ID to the string 'my.centrify.net' (tenant.my.centrify.net). For example, for tenant ID, ABCD1234, the Identity Service creates the following URL: ABC1234.my.centrify.net.

The tenant URL that Identity Service generates is known as the system URL. In addition, Identity Platform enables administrators to create their own custom URLs by prefixing a string, such as company name, or some other identifier to 'my.centrify.net'; for example, acme.my.centrify.net. Every tenant has one system URL and zero or more custom URLs. An administrator designates one of the custom URLs as the default, or preferred ID.

If a user logs in with a system URL, Identity Service redirects the browser to the preferred tenant URL. If a user logs in with a custom or preferred tenant ID, Identity Service maintains that URL.

The tenant URL not only identifies the Identity Service tenant for login, it is required to identify each Centrify API call. For example, here are examples that use a system URL and a custom tenant URL for a call to Security/StartAuthentication:

https://ABC1234.my.centrify.net/Security/StartAuthentication //system URL
https://acme.my.centrify.net/Security/StartAuthentication    //custom tenant URL

As a developer, you must be able to support redirection of the tenant URL by Identity Service. Here is what Identity Platform does for different kinds of tenant URLs:

  • Maintains custom tenant URL.
  • Maintains preferred tenant URL.
  • Redirects system URL to preferred URL.

From the API standpoint, redirection applies only to authentication. If you start authentication by specifying the system tenant ID, you must be prepared for redirection to the preferred tenant ID. See Handling redirects in Adaptive Authentication for details.