Single sign-on (SSO) is a user authentication process that enhances both user experience and security by simplifying and reducing the burden of managing multiple credentials. It provides administrators with centralized control over access management and security policies.
In a large enterprise, employees must often navigate multiple login screens to access the applications they need, which is inefficient and frustrating. Organizations address this by implementing SSO, which streamlines access for employees through one-click entry to multiple enterprise apps. By reducing login friction, SSO improves productivity and the user experience, relieves users of managing multiple credentials, and simplifies access management for administrators.
Identity360 offers three sign-in methods for SSO:
Identity360 supports a diverse range of applications to enhance your organization's efficiency, including over 400 pre-integrated apps that offer seamless, one-click access for users through their portal. Additionally, we support the configuration of custom applications tailored to your unique organizational needs.
The Single Sign-on dashboard in ManageEngine Identity360 provides an overview of all the applications you have configured for SSO. It also provides various settings to ensure a seamless SSO experience for all users.
Select the applications you want and use the assign or unassign controls to manage access. You can grant or restrict access for specific users or groups.
Displays a list of all the applications configured for SSO.
Shows the protocol used for SSO configuration.
Click View in the IdP Details section to access the metadata details, including the X.509 certificate file, which the service provider requires to enable SSO.
View the list of users and groups assigned to a specific app for SSO. You can select users and groups and then choose to unassign the app from them.
This is used to manage app assignments in Identity360. Once an app is integrated, you can click on users or groups to assign the app to them. This section also allows you to view the list of users and groups assigned to a specific app for SSO. You can select individual users or groups and choose to unassign the app as needed.
Renew certificates before they expire to keep the SAML SSO connection working: once the certificate expires, the service provider can no longer validate the identity provider's signed responses against it. The default validity period for SAML certificates is typically one year. You can check the expiration date under this column. Click Renew to generate a new X.509 certificate and IdP metadata file, and use them to update the existing SSO configuration.
Attribute customization in SSO allows you to tailor user information to meet specific application requirements. It ensures that user details are correctly mapped from the identity provider to the service provider (the application).
When the identity provider sends user information to the application, it includes key details such as the user’s name and email address. These details help the application identify the user and determine their access rights.
The Customize option under SSO Attribute Mapping allows you to tailor how user information is represented and mapped during SSO integrations to ensure accurate data transfer. There are two customization types you can configure:
Universal Directory Attributes: These are standard attributes pulled directly from user records stored in the Universal Directory. Some examples include Email, Display Name, Department, Employee ID, and more. They reflect real-time user data and can be mapped directly to the integrated application.
Naming Formats: These allow you to create custom naming conventions based on your organization’s requirements, which can be used during attribute mapping for SSO applications. These help bridge the gap between your directory structure and the naming expectations of third-party apps—making SSO integration more seamless and reliable. Click here to learn how to create or edit a naming format.
Copyright © 2024, ZOHO Corp. All Rights Reserved.