Configuring SAML SSO for Envoy

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Envoy

Prerequisite

Log in to ADSelfService Plus as an administrator.
Navigate to Configuration → Self-service → Password Sync/Single Sign-on.
Search for Envoy and select it.
Click Download SSO Certificate link in the top-right corner of the screen.
In the SSO/SAML Details pop-up screen that appears, note down the values of Login URL and FingerPrint. We will need these values in a later step.

Envoy (Service Provider) configuration steps

Now, log in to your Envoy administrator account.
Navigate to Settings → Integrations → Single Sign-on (SAML) and click Install.
In the FINGERPRINT field, enter the value of the FingerPrint you had saved in Step 5 of Prerequisite.
In the IDENTITY PROVIDER HTTP SAML URL, enter the Login URL value you had saved in Step 5 of Prerequisite.

Toggle the REQUIRED switch to green, if you want to force SSO for all users except Global Admin users.

From the SAML SSO Redirect URL, copy the Account ID number. This value will serve as the input for Account ID while configuring Envoy in ADSelfService Plus.

Click Save.

ADSelfService Plus (Identity Provider) configuration steps

Now, switch to ADSelfService Plus’ Envoy configuration page.

In the Domain Name field, enter the domain name of your email address. For example, if you use johndoe@thinktodaytech.com to log in to Envoy, then thinktodaytech.com is the domain name.

In the Account Id field, enter the Account ID value you had saved in Step 6 of Envoy configuration.
Enter a Description for the connection.
In the Available Policies field, select the policies for which you wish to enable single sign-on.

Click Save.

Your users should now be able to sign in to Envoy through ADSelfService Plus.

For Envoy, both IdP-initiated and SP-initiated flows are supported.

Go to Top

ManageEngine