How to enable SAML-based SSO for ADSelfService Plus login using OneLogin

In this article

• Objective
• Prerequisites
• OneLogin (identity provider) configuration
• ADSelfService Plus (service provider) configuration
• Validation and confirmation
• Related topics and articles
• How to reach support

Objective

This article provides step-by-step instructions to configure SAML-based single sign-on (SSO) for ADSelfService Plus using OneLogin as the identity provider (IdP), ensuring users can access the ADSelfService Plus portal securely without entering credentials repeatedly. By the end of this guide, administrators will be able to set up and validate seamless access to ADSelfService Plus using OneLogin credentials.

Prerequisites

Before you start, log into ADSelfService Plus with admin credentials and keep the Service Provider (SP) Details section (Admin > Login Settings > Single Sign-on > Enable SSO > SAML Authentication > Service Provider (SP) Details) readily visible. You will need to copy the ACS URL/Recipient URL to OneLogin in the steps below.

OneLogin (identity provider) configuration

1. Log into OneLogin with administrator credentials.
2. Navigate to Applications and click Add App at the top-right corner of the page.
3. Under Find Applications, search for SAML Custom Connector(Advanced) application.

   

4. In the screen that opens, give your application an easily recognizable Display Name like ADSelfService Plus SSO. Click Save to create the application.
5. Under the Configuration section, enter the ACS URL/Recipient URL into the ACS (Consumer) URL Validator, ACS (Consumer) URL, Single Logout URL, Login URL Recipient, and Audience (EntityID) fields.

   

6. Under the SSO section, you will find the IdP details to be entered in ADSelfService Plus.
7. Ensure that the SAML Signature Algorithm is set to SHA-256.

   

8. Under the Users section, assign the application to users or groups based on your needs.

   

9. Configure the other settings according to your organizational requirements and click Save at the top-right corner of the page.

   You will need the metadata information from OneLogin while configuring ADSelfService Plus.

10. Download the Metadata in XML format by navigating to More Actions and then selecting SAML Metadata.

    

ADSelfService Plus (service provider) configuration

1. Log in to the ADSelfService Plus web console with admin credentials.
2. Navigate to the Admin tab > Login Settings > Single Sign On.
3. Check the Enable SSO checkbox to enable SSO for ADSelfService Plus.
4. Click the SAML Authentication radio button to enable SAML configuration for your users to log in to ADSelfService Plus portal using their OneLogin credentials.
5. Select OneLogin in the Select IdP drop-down box.

   

6. In the SAML Configuration Mode, click Upload Metadata File. Click Browse to upload the metadata file downloaded from OneLogin.
7. Click Advanced Settings. Under SAML Response Configuration, choose SHA256 as your Signature Algorithm from the drop-down.

   

8. You can leave the other fields under Advanced Settings as-is or change the configuration depending on your organization's policies.
9. Click Save.

Once done, a Sign in using: OneLogin button will appear on the ADSelfService Plus login screen, which you can click on to sign in with OneLogin.

Validation and confirmation

You can validate the SSO configuration by attempting to log into ADSelfService Plus. If the configuration is successful, you should automatically be redirected to OneLogin for identity verification, following which you should be logged into ADSelfServicePlus.

Note: If you want to disable this automatic redirection, please contact our support team.

Related topics and articles

• Configuring SAML SSO for Active Directory Federation Services (AD FS)
• Configuring SSO for SAML-enabled custom enterprise applications
• Configuring SSO for Amazon WorkSpaces

How to reach support

For further assistance, contact our support team here.

Last updated on: 18th November, 2025.