Configuring SAML SSO for ManageEngine Analytics Plus

These steps will guide you through setting up the single sign-on (SSO) functionality between ADSelfService Plus and Analytics Plus.

Prerequisite

1. Ensure that the ADSelfService Plus server can be accessed through HTTPS Connection (Access URL must be configured as HTTPS).
2. Log in to ADSelfService Plus as an administrator.
3. Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, then select Analytics Plus from the applications displayed.

Note: You can also find the Analytics Plus application from the search bar located in the left pane or the alphabet-wise navigation option in the right pane.

4. On the Analytics Plus configuration page, click IdP details in the top-right corner of the screen.

5. In the pop-up that appears, copy the Login URL and Logout URL(these will be used in a later step), then download the SSO certificate by clicking Download X.509 Certificate.

Analytics Plus (Service Provider) configuration steps

1. Log into Analytics Plus with administrator credentials.
2. In the Analytics Plus portal, select the settings icon () from the top-right corner of the page.

3. Select Third-party SSO under User Management.

4. On the Third-party SSO page, click Add Now.

5. Enter "ADSelfService Plus as the" Name, then paste the Login URL and Logout URL values copied in step 5 of Prerequisite in the Identity Provider Login URL and Identity Provider Logout URL fields, respectively.
6. Upload the X.509 certificate file downloaded in step 5 of Prerequisite into the Public Key field.
7. Select Save

8. The IDP details of ADSelfService Plus will now be displayed in a table along with the metadata. Click Download and copy the EntityID and AssertionConsumerService Location values from the downloaded metadata file. These will be used in a later step.

ADSelfService Plus (Identity Provider) configuration steps

1. Now, switch to the ADSelfService Plus Analytics Plus configuration page.
2. Enter the Application Name and Description.
3. Enter the Domain name of your Analytics Plus account. For example, if you use johndoe@thinktodaytech.com to log in to Analytics Plus, then thinktodaytech.com is the domain name.
4. In the Assign Policies field, select the policies for which SSO needs to be enabled.
Note: ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.
5. Select the SAML tab and check Enable Single Sign-On.
6. Paste the AssertionConsumerService Location copied in step 8 of Analytics Plus configuration steps in the Assertion Consumer URL field.
7. Paste the EntityID copied in step 8 of Analytics Plus configuration steps in the Entity ID field.
8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.
Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.
9. Click Add Application.


Your users should now be able to sign into Analytics Plus through the ADSelfService Plus portal.

Note: For Analytics Plus, SSO is supported for SP and IdP initiated flows.