Configuring SAML SSO for ManageEngine Firewall Analyzer

These steps will guide you through setting up the single sign-on (SSO) functionality between ADSelfService Plus and Firewall Analyzer.

Prerequisite

  1. Ensure that the ADSelfService Plus server can be accessed through HTTPS Connection (Access URL must be configured as HTTPS).
  2. Log in to ADSelfService Plus as an administrator.
  3. Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, then select Firewall Analyzer from the applications displayed.
    4. Note: You can also find the Firewall Analyzer application from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
  4. On the Firewall Analyzer page, click IdP details in the top-right corner of the screen.
    5. Screenshot
  5. You can configure the identity provider(IDP) details by either uploading the metadata file or entering the details manually.
    1. Uploading metadata file: Click the Download IdP Metadata link to download the metadata file to be uploaded during the configuration of Firewall Analyzer.
    2. For manual configuration: In the pop-up that appears, copy the Login URL and Logout URL, then download the SSO certificate by clicking Download X.509 Certificate.
    Screenshot

Firewall Analyzer (Service Provider) configuration steps

  1. Log in to Firewall Analyzer with an administrator's credentials.
  2. In the Firewall Analyzer portal,go to Settings > General Settings > Authentication.
    3. Screenshot
  3. Select the SAML tab under Authentication.
  4. Navigate to the Service Provider Details section and copy the Entity ID and Assertion Consumer URL. These will be used in a later step.
    5. Screenshot
  5. The IdP details can be entered in two ways:

    6. A. Using the Metadata file

    1. Navigate to the Identity Provider Details section, then choose the Upload IdP metadata file radio button.
    2. Enter "ADSelfService Plus" as the IdP Name, then select Email ID from the Name ID Format drop-down.
    3. Upload the metadata file downloaded in step 5a of Prerequisite.
    4. Click Save.
    5. Click Test connection to test the connection.
    6. Click Enable SAML SSO.
      7. Screenshot

    B. Manually entering the IdP details

    1. Navigate to the Identity Provider Details section, then choose the Configure IDP information manually radio button.
    2. Next, enter "ADSelfService Plus" as the application name
    3. Enter "ADSelfService Plus" as the Name, then select Email ID from the Name ID Format drop-down.
    4. Paste the Login URL and Logout URL values copied in step 5b of Prerequisite in the IdP Login URL and IdP Logout URL fields, respectively.
      5. Note: The Logout URL is optional and can be skipped if single logout (automatically log out from ADSelfService Plus when logging out from Firewall Analyzer) is not required.
    5. Upload the X.509 certificate file downloaded in step 5b of Prerequisite in the IDP's Certificate field.
    6. Click Save.
    7. Click Test connection to test the connection.
    8. Click Enable SAML SSO.
      9. Screenshot

ADSelfService Plus (Identity Provider) configuration steps

  1. Now, switch to the ADSelfService Plus Firewall Analyzer configuration page.
  2. Enter the Application Name and Description.
  3. Enter the Domain name of your Firewall Analyzer account. For example, if you use johndoe@thinktodaytech.com to log in to Firewall Analyzer, then thinktodaytech.com is the domain name.
  4. In the Assign Policies field, select the policies for which SSO needs to be enabled.
    5. Note: ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.
  5. Select the SAML tab and check Enable Single Sign-On.
  6. Paste the Assertion Consumer URL copied in step 4 of Firewall Analyzer configuration steps in the Assertion Consumer URL field.
  7. Paste the EntityID copied in step 4 of Firewall Analyzer configuration steps in the Entity ID field.
  8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.
    9. Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.
  9. Click Add Application.
    10. Screenshot

    Your users should now be able to sign into Firewall Analyzer through the ADSelfService Plus portal.

    Note: For Firewall Analyzer, both SP-initiated and IdP-initiated flows are supported.
Go to Top

Thanks!

Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.

 

Need technical assistance?

  • Enter your email ID
  • Talk to experts
  •  
     
  •  
  • By clicking 'Talk to experts' you agree to processing of personal data according to the Privacy Policy.

Don't see what you're looking for?

  •  

    Visit our community

    Post your questions in the forum.

     
  •  

    Request additional resources

    Send us your requirements.

     
  •  

    Need implementation assistance?

    Try onboarding

     

Copyright © 2024, ZOHO Corp. All Rights Reserved.