ADSelfService Plus single sign-on (SSO) eliminates the need for multiple user IDs and passwords, streamlines the login experience for users, and improves security. It uses Active Directory credentials to verify users’ identities, and OU and group-based policies to control access to various cloud applications. Users have to remember only their Windows username and password to access all their enterprise applications.
ADSelfService Plus uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0) to provide SSO. It also supports multi-factor authentication during login to ensure security.
Note: To configure single sign-on, you will be prompted to upload a verification certificate/certificate fingerprint received from the identity provider. To get the identity provider certificate, go to Configuration --> Password Sync/Single Sign On and click SSO/SAML Details. Copy the SHA1 FingerPrint and click on the link Download SSO Certificate to download the SSO Certificate.
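Before uploading, you can check that the downloaded SSO certificate really corresponds to the SHA1 fingerprint copied from the SSO/SAML Details page. The following is an added example, not code from ADSelfService Plus; the function names and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

# Constructed sample input: placeholder bytes standing in for a certificate's
# DER encoding (NOT a real certificate), plus the same bytes in PEM armor.
CONSTRUCTED_DER = b"constructed placeholder bytes, not a real certificate"
CONSTRUCTED_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(CONSTRUCTED_DER)
    + b"-----END CERTIFICATE-----\n"
)

def cert_der_bytes(data: bytes) -> bytes:
    """Return the DER bytes of a certificate file given as PEM or raw DER."""
    match = PEM_RE.search(data)
    if match is None:
        return data  # no PEM armor found: treat the input as DER
    return base64.b64decode(b"".join(match.group(1).split()), validate=True)

def normalize_fingerprint(text: str) -> str:
    """Drop colons and whitespace, lowercase, and reject non-hex input."""
    cleaned = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned

def fingerprint_matches(cert_data: bytes, copied: str, algorithm: str = "sha1") -> bool:
    """Compare the certificate's digest with the fingerprint copied from the IdP."""
    expected = normalize_fingerprint(copied)
    actual = hashlib.new(algorithm, cert_der_bytes(cert_data)).hexdigest()
    if len(expected) != len(actual):
        raise ValueError(f"expected {len(actual)} hex digits for {algorithm}")
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    # Stand-in for the value copied from the SSO/SAML Details page.
    copied = hashlib.sha1(CONSTRUCTED_DER).hexdigest().upper()
    print("match:", fingerprint_matches(CONSTRUCTED_PEM, copied))
```

With a real download, read the certificate file in binary mode and pass its contents as `cert_data` together with the fingerprint string copied from the page.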
Identity Provider-initiated vs. Service Provider-initiated flow:
There are two ways through which users can log in to an application or a service using SSO.
Identity provider (IdP) initiated SSO
Service provider (SP) initiated SSO
Here, the IdP refers to ADSelfService Plus and the SP refers to the cloud application or service. To initiate SSO, users can begin at either the IdP or the SP.
In an IdP-initiated SSO, users log in to the ADSelfService Plus page, and click an application. The application will open in a new tab and the users will be logged in automatically.
In an SP-initiated SSO, when users click on an application link, they will be taken to the login page of the SP. After entering their username or selecting the SAML SSO option, the SP will redirect the users to the IdP. Users then need to log in to the IdP to be able to access the SP.
ADSelfService Plus supports only one of these flows for some applications.
Supported Applications
ADSelfService Plus lets you provide Active Directory-based SSO for any SAML-enabled application.