Single Sign-on

Single sign-on (SSO) is a user authentication process that enhances both user experience and security by simplifying and reducing the burden of managing multiple credentials. It provides administrators with centralized control over access management and security policies.

In a large enterprise, employees must often navigate multiple login screens to obtain access to the applications they need. This is a challenging, inefficient, and frustrating process. Organizations address this by implementing SSO, which streamlines access for employees through one-click entry to multiple enterprise apps. By reducing login friction, SSO enhances productivity and the user experience, alleviating the burden of managing multiple credentials and simplifying access management for administrators.

Identity360 offers three sign-in methods for SSO:

• SAML: An XML-based protocol that links authentication and authorization services to access-protected resources. Identity360 supports the secure and widely adopted industry standard SAML 2.0.
• OAuth/OpenID Connect: An authorization protocol that allows authenticated resource accesses between servers and services without sharing any logon credentials. Identity360 supports OAuth 2.0, along with OpenID Connect for authentication. OpenID Connect is an identity layer built on the OAuth framework.
• Bookmark: A method that saves application login URLs and provides one-click access—ideal for legacy or non-SAML/OAuth apps.

Application integration:

Identity360 supports a diverse range of applications to enhance your organization's efficiency, including over 400 pre-integrated apps that offer seamless, one-click access for users through their portal. Additionally, we support the configuration of custom applications tailored to your unique organizational needs.

• Add existing app integrations
• Create custom app integrations

Single Sign-on dashboard

The Single Sign-on dashboard in ManageEngine Identity360 provides an overview of all the applications you have configured for SSO. It also provides various settings to ensure a seamless SSO experience for all users.

Managing application access

Select the desired applications you want and use the assign or unassign controls to manage access. You can grant or restrict access based on specific users or groups.

Application name

Displays a list of all the applications configured for SSO.

Sign-in Method

Shows the protocol used for SSO configuration.

IdP details

Click View in the IdP Details section to access the metadata details, including the X509 certificate file, which are required by the service provider for enabling SSO.

Assigned To

View the list of users and groups assigned to a specific app for SSO. You can select users and groups and then choose to unassign the app from them.

This is used to manage app assignments in Identity360. Once an app is integrated, you can click on users () or groups () to assign the app to them. This section also allows you to view the list of users and groups assigned to a specific app for SSO. You can select individual users or groups and choose to unassign the app as needed.

SAML Certificate Expiring On

It's important to renew certificates before they expire to ensure a consistent SAML SSO connection. The default expiration tenure for SAML certificates is typically one year. You can check the expiration date under this column. Click Renew to generate a new X.509 certificate and IdP metadata file to update the existing SSO configuration.

Assertion/Claims Customization

Attribute customization in SSO allows you to tailor user information to meet specific application requirements. It ensures how these attributes should be mapped from the identity provider (Identity360) to the service provider (the application).

When the identity provider (Identity360) sends user information to the application, it includes key details like the user’s name, email address, and roles. These details are tailored to the application’s needs, allowing it to identify the user quickly and determine their access rights.

The Customize option allows you to add and specify additional attributes, specifying which user information from the Universal Directory should be included and how it should be mapped to the integrated directory (service provider), ensuring accurate data is received by the service provider.