Configuring single sign-on for SAML-enabled custom enterprise applications


ADSelfService Plus supports single sign-on (SSO) for over 100+ cloud applications right out of the box. The solution also extends its SSO support capability to any SAML-enabled custom enterprise application.

The steps given below will guide you through setting up the single sign-on functionality between ADSelfService Plus and your custom SAML applications. 

  1. Log into ADSelfService Plus web-console as an administrator.

  2. Navigate to Configuration → Self-service → Password Sync/ Single sign-on.

  3. Click New Custom App from the top right corner.

  4. Enter your Application name.

  5. Choose the Category to which the application belongs.
    For example, Analytics tool, CRM, etc.

  6. Provide a suitable option for the Supported SSO flow.

  7. Click Next.

It is advisable to contact your Service Provider and verify the supported SSO flow before choosing the correct option.


Advanced Configuration:

This section allows you to configure settings specific to the Service Provider.

  1. Upload an image for app icon in both sizes.

  2. Choose an RSA-SHA1 or RSA-SHA256 Algorithm depending on the encryption your application supports.

  3. Pick a SAML response (Signed/ Unsigned).

  4. Click Next.

Check with your Service Provider to identify the supported SSO flow and the SAML response. By default, the SAML Assertion will be 'signed'.


App configuration:

  1. In the Domain Name field, enter the domain name of your email address. For example, if you use johndoe@mydomain.com to log in, then mydomain.com is the domain name.

  2. Enter a Display name for the connection.  

  3. Based on the SSO flow you selected earlier, enter the required details.

    • If you had selected SP flow:

      • In the SAML Redirect URL field, enter the SAML redirect URL your application service provider supplies. The URL value can be found in the application’s default login page or the SSO configuration page.

      • Enter the Assertion Consumer Service (ACS) URL your application service provider provides in the ACS URL field. This value can also be found in the application's SSO configuration page.

    • If you had selected IdP flow:

      • Enter the Assertion Consumer Service (ACS) URL your application service provider in the ACS URL field. This value can also be found in the application's SSO configuration page.

      • In the Entity ID field, enter the Entity ID that your application service provider supplies. This value can also be found in the application’s SSO configuration page.

  4. Provide a Description in the respective field.

  5. In the Available Policies field, select the policies for which you wish to enable single sign-on.

  6. Click Save.

To add a new domain of the same application, locate the application from the app list and follow the App Configuration steps.

In the SSO/SAML Details pop-up screen that appears, copy the values of Login URL, Logout URL, Help URL, SHA fingeprint or download the required certificate. These values will be needed to complete the configuration at the Service Provider's end. 


Go to Top
Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine