Pricing  Get Quote

SAML single sign-on

SAML Single Sign-On for Cloud Applications

Security Assertion Markup Language (SAML) is an XML-based open standard that eliminates the need for multiple application-specific usernames and passwords. It does this by facilitating the secure exchange of authentication and authorization data between applications. SAML is one of the most widely used standards to provide users with secure, one-click access to multiple cloud applications via single sign-on (SSO). All major cloud applications support SAML, including Office 365, Google Workspace (formerly G Suite), Salesforce, Dropbox, and ServiceNow.

ADSelfService Plus supports SSO for all SAML 2.0-enabled cloud applications.

How SAML Authentication Works?

SAML authentication requires three entities:

  • A user—the person trying to access a service.
  • A service provider (SP)—the application that provides the service (e.g. Office 365 and Google Workspace (formerly G Suite)).
  • An identity provider (IdP)—the application that authenticates the user (e.g. ADSelfService Plus).

In some cases, the IdP itself will store the identity information of the user and use it for authentication. In other cases, it uses another identity infrastructure for authentication. ADSelfService Plus facilitates user authentication by using Active Directory identities.

To configure SAML-based SSO, the IdP and the SP need to establish trust between each other. Establishing trust typically involves configuring the SP with the SSO login URL, SSO logout URL, and X.509 certificate given by the IdP as well as configuring the IdP with the a few unique attributes that are specific to the SP. Once trust is established, the SP will delegate authentication responsibilities to the IdP.

Initiating SAML SSO in ADSelfService Plus

To initiate SAML SSO in ADSelfService Plus, users can begin with either the SP or the IdP. That means SAML SSO works regardless of whether users try logging in to their cloud app first, or ADSelfService Plus to start.

SP-initiated SSO flow

  • For the SP-initiated SSO flow, a user begins by attempting to access the SP.
  • The SP generates a SAML authentication request and redirects the user to the IdP (ADSelfService Plus) for authentication.
  • The IdP verifies whether the user is authenticated or not. If not, the user is asked to enter their authentication details.
  • Once successfully authenticated, the IdP generates a SAML response.
  • Now, the IdP redirects the user back to the SP along with the SAML response.
  • The SP validates the SAML response and grants the user access.

Single sign-on flow

IdP-inititated SSO flow:

  • For the IdP-initiated SSO flow, the user logs directly into the IdP (ADSelfService Plus).
  • Once logged in, the user clicks on the SP icon in ADSelfService Plus' app catalog.
  • ADSelfService Plus then redirects the user to the SP, along with an SAML response.
  • The SP receives the SAML response and validates it.
  • Once validated, the user is granted access.

ADSelfService Plus supports both IdP-initiated and SP-initiated SAML SSO flows for most cloud applications in its app catalog.

Benefits of SAML

Improved security: SAML authentication doesn't involve passwords. Only digitally-signed SAML requests and responses are transmitted between the SP and ADSelfService Plus. Since there's no passwords involved, it helps reduce password-related threats.

Supported by thousands of cloud apps: Almost all modern cloud apps support SAML. You can easily enable SSO for multiple apps using ADSelfService Plus.

One-click access: SAML improves user experience by eliminating the need to log in multiple times in a work day just to access different apps.

Reduced burden on IT: With SAML SSO enabled, IT admins won't have to worry about password-related help desk calls or managing identities across multiple services.

Implement SAML SSO for Cloud Apps

Want to implement SAML SSO for your cloud apps? Try ADSelfService Plus and provide your users with seamless, one-click access to cloud apps. Read this white paper to learn more about enabling Active Directory-based SAML SSO for cloud apps. 

ADSelfService Plus supports SSO for all SAML 2.0-enabled cloud applications. If you have a custom enterprise application, then you can enable SSO for that application, too, using ADSelfService Plus. Click here to learn more about SSO for custom applications.

Facilitate one login for all on-premises and cloud apps using SAML SSO.

Get your free trial  



Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, Google Workspace (formerly G Suite), IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.


ADSelfService Plus trusted by