Pricing  Get Quote

SAML single sign-on

Single sign-on for SAML-enabled custom applications

Today’s work environment requires users to go through a number of logins to get their work done. Password management can quickly spiral out of control with the addition of each new application. With single sign-on (SSO), users don't need to remember each of their different passwords—instead, they can access multiple applications with a single click.

Most cloud applications have built-in support for SSO, but what about your custom enterprise applications? How do you provide SSO for these applications? It's simple: SSO in ADSelfService Plus.

ADSelfService Plus provides Active Directory-based SSO for any Security Assertion Markup Language (SAML)-enabled application. If your in-house, custom application supports SAML, that means you can use ADSelfService Plus to provide SSO for that application.

Secure, one-click access for any SAML-based application

ADSelfService Plus integrates your SAML-enabled application with Active Directory to provide SSO. Users can simply log into their Windows machine once using their Active Directory domain credentials. Once they've successfully logged in, they can seamlessly access any SAML-enabled enterprise application configured with SSO in ADSelfService Plus, all without having to enter their username and password.

ADSelfService Plus supports both a service provider-initiated SSO flow and an identity provider-initiated SSO flow. Learn more about how ADSelfService Plus provides SSO using SAML authentication.

If you're ready to get started, here’s a step-by-step guide on how to configure SSO for your custom SAML-enabled enterprise applications using ADSelfService Plus.

SSO configuration for custom applications

The steps below guide you through setting up SSO for your custom SAML applications using ADSelfService Plus.


  1. Log in to the enterprise application (service provider).
  2. Get the metadata file or the Entity ID/SAML Redirect URL and Assertion Consumer Service (ACS) URL from the enterprise application.

Configuration in ADSelfService Plus

  1. Download and install ADSelfService Plus if you haven't already.
  2. Log in to the ADSelfService Plus web console as an administrator.
  3. Navigate to Password Sync/Single Sign On > Add Application > Custom Application.
  4. Enter your Application Name and Description.
  5. Enter the domain name of your email address in the Domain Name field. For example, if you use to log in, then is the domain name.
  6. Upload an image for the app icon in both sizes.
  7. Provide a suitable option for the Supported SSO Flow.
    Note: We advise contacting your service provider and verifying the supported SSO flow before choosing the Supported SSO flow option.
  8. Automatic Configuration: If you downloaded metadata from Step 2 of the Prerequisites section, upload the downloaded metadata file in the Upload Metadata field or follow step 9 below.
  9. Manual configuration: Based on the SSO flow you selected earlier, enter the required details.
    • If you had selected SP Initiated flow:
      • Enter the SAML redirect URL your application service provider supplies in the SAML Redirect URL field. The URL value can be found in the application’s default login page or the SSO configuration page.
      • Enter the ACS URL your application service provider provides in the ACS URL field. This value can also be found in the application's SSO configuration page.
    • If you selected IdP Initiated flow:
      • Enter the ACS URL your application service provider supplies in the ACS URL field. This value can also be found in the application's SSO configuration page.
      • Enter the entity ID that your application service provider supplies in the Entity ID field. This value can also be found in the application’s SSO configuration page.
  10. Under provider settings:
    • Choose the RSA-SHA1 or RSA-SHA256 algorithm depending on the encryption your application supports.
    • Pick a SAML response (signed/unsigned).
    • Choose the XML canonicalization method to be used. The canonicalization method is the process of converting the XML content to a standardized format by the Identity Provider and Service Provider. The algorithm you choose is used for signing the SAML response and assertion.
  11. Click Create Custom Application.
Note: Check with your service provider to identify the supported SSO flow and the SAML response. By default, the SAML assertion will be signed.

Single sign-on for SAML-enabled custom applications


Supports any SAML-enabled app: If your application is SAML-enabled, then you can easily enable SSO for that application using ADSelfService Plus.

Improves security: ADSelfService Plus supports two-factor authentication for SSO logins, which provides an extra layer of protection to your applications.

One-click access: ADSelfService Plus improves the user experience by eliminating the need to log in multiple times in a work day just to access different applications.

Reduced burden on IT: With ADSelfService Plus, IT admins won't have to worry about password-related help desk calls or managing identities across multiple services.

Facilitate single sign login for all on-premises and cloud apps using SAML SSO.

Get your free trial  

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by