Pricing  Get Quote
 
 

Configuring single sign-on for SAML-enabled custom enterprise applications

With single sign-on (SSO), users don't need to remember each of their different passwords—instead, they can access multiple applications without logging into them every time . Most cloud applications have built-in support for SSO, but what about your custom enterprise applications? How do you enable SSO for these applications?

ADSelfService Plus, an integrated self-service password management and single sign-on solution, lets you provide Active Directory-based SSO for any SAML-enabled application. If your in-house application supports SAML, then you can use ADSelfService Plus to enable SSO for that application. With SSO enabled, users can automatically log into the custom application without having to enter their username and password. And, if you have enabled NTLM SSO in ADSelfService Plus, simply logging into Windows is enough for users to access all their applications in just one click. 

Configuration steps

The steps given below will guide you through setting up the single sign-on functionality between ADSelfService Plus and your custom SAML applications.

Step 1: Adding the custom application to ADSelfService Plus

  • Log into ADSelfService Plus web console as an administrator.
  • Navigate to Configuration → Self-service → Password Sync/ Single sign-on.
  • Click New Custom App from the top right corner.

    Custom saml apps single sign on configuration
    Custom saml apps single sign on configuration

  • Enter your Application name.
  • Choose the Category to which the application belongs. For example, Analytics tool or CRM.
  • Provide a suitable option for the Supported SSO flow.

    Note: Please check with the application service provider to know the supported SSO flow.

  • Click Next.

The advanced configuration section is not mandatory. But if the application supports a particular RSA-SHA algorithm or you want the SAML response to be unsigned, then click Advanced Configuration and update the settings.

Advanced Configuration:

This section allows you to configure settings specific to your application.

  • Upload an image for the app icon in both sizes.
  • Choose RSA-SHA1 or RSA-SHA256 Algorithm depending on the encryption your application supports.
  • Pick a SAML response (Signed/ Unsigned).

    Note: By default, the SAML Assertion will always be signed.

  • Click Next.

Step 2: Configuring SSO settings for the custom application

  • In the Domain Name field, enter the domain name of your email address. For example, if you use johndoe@mydomain.com to log into the application, then mydomain.com is the domain name.
  • Enter a Display Name for the connection.
  • Based on the SSO flow you selected earlier, enter the required details.
    1. If you had selected Only SP flow:
      • In the SAML Redirect URL field, enter the SAML redirect URL your application service provider supplies. The URL value can be found in the application’s default login page or the SSO configuration page.
      • Enter the Assertion Consumer Service (ACS) URL your application service provider provides in the ACS URL field. This value can also be found in the application’s SSO configuration page.
    2. If you had selected Only IdP flow or Both SP and IdP flows:
      • Enter the Assertion Consumer Service (ACS) URL your application service provider provides in the ACS URL field. This value can also be found in the application’s SSO configuration page.
      • In the Entity ID field, enter the Entity ID that your application service provider supplies.This value can also be found in the application’s SSO configuration page.
  • Provide a description in the respective field.
  • In the Available Policies field, select the policies for which you wish to enable single sign-on.
  • Click Save.
  • Note: After saving the configuration, click the Download Certificate link at the top right corner. In the SSO/SAML Details pop-up screen that appears, copy the Login URL, Logout URL, Help URL, and SHA fingeprint value or download the required certificate based on the application's requirement. These will be needed to complete the configuration at the application’s end.

    Once the configuration is completed, users who have logged into ADSelfService Plus can automatically log into the custom enterprise application without entering their username and password.

Note: To add a new domain of the same application, locate the application from the app list and follow the Configuring SSO settings for the custom application steps. 

Request for Support

Need further assistance? Fill this form, and we'll contact you rightaway.

  • Name
  •  
  • Business Email *
  •  
  • Phone *
  •  
  • Problem Description *
  •  
  • Country
  •  
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.
Highlights

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

Embark on a journey towards identity security and Zero Trust