These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and ADP.
Log in to ADSelfService Plus as an administrator.
Navigate to Configuration → Self-service → Password Sync/Single Sign-On.
Search for ADP and select it.
In the SSO/SAML Details pop-up screen that appears, note down the value of Login URL. We will need these values in a later step.
Click Download SSO certificate and save the file (PEM file). We will need this in a later step.
ADP (Service Provider) configuration steps
You will have to contact the ADP support to complete the configuration. Mail the Entity ID (Refer Step 5 of Prerequisite) and the downloaded certificate (Refer step 6 of Prerequisite) to ADP support.
Request ADP support for Company ID, Application ID, Entity ID and ACS URL.
Create Active Directory custom attributes for CompanyID and ApplicationID. ADP requires you to update the respective values in AD user attributes to enable SSO configuration.
ADSelfService Plus (Identity Provider) configuration steps
Now, switch to ADP configuration page in ADSelfService Plus console.
In the Domain Name field, enter the domain name of your email address. For example, if you use firstname.lastname@example.org to log in to ADP, then adp.com is the domain name.
In the ACS URL field, enter the value provided by the ADP support.
In the Entity ID field, enter the value provided by the ADP support.
Enter a Description for the connection.
In the Available Policies field, select the policies for which you wish to enable single sign-on.
Your users should now be able to sign in to through ADSelfService Plus.
For ADP, only IdP-initiated flow is supported.