SAML

Steps to configure SAML-based SSO for custom applications:

  1. Log in to Identity360 as an Admin or Super Admin.
  2. Navigate to Applications → Application Integration and click Create New Application.
  3. In the Manage Applications menu, click Custom Application.
  4. In the General Settings tab, enter the Application Name and Domain Name and upload the icons for the application if available.
  5. Select SSO under the Choose Capabilities section to enable SSO for the custom application and click Continue.
  6. Select SAML as the Method and choose the SSO flow that the application supports.

    Note:

    SP-initiated SSO

    • A user attempts to log in to the service provider (SP).
    • The user is redirected to the Identity360 login page, where they enter their directory login credentials.
    • Identity360 verifies the login and, if successful, issues an authentication claim, which is handed to the SP along with the redirection link. The claim does not contain the password; it carries other personal attributes such as the first name, last name, email address, and more.
    • The SP accepts this claim after verifying the digital signature of the identity provider (IdP) and logs the user in.

    IdP-initiated SSO

    • A user logs in to the Identity360 portal.
    • To access an application, the user selects the application's icon in the Applications tab.
    • Identity360 sends the authentication claim directly to the SP, because the user is already logged in to Identity360.
    • The SP accepts this claim after verifying the digital signature of the IdP and logs the user in.
  7. If the application has a metadata file, click Browse and select the XML file.
  8. If you don't have a metadata file, enter the following details:
    • In the SAML URL field, enter the SAML redirect URL provided by your application service provider. This value can be found on the application's default login page or on its SSO configuration page.
    • In the ACS URL field, enter the Assertion Consumer Service (ACS) URL provided by your application service provider. This value can be found on the application's SSO configuration page.
    • If the application you are adding supports only IdP-initiated SSO, you must also enter the application's Entity ID.
  9. Optionally, provide the relay state value for the service provider so that users are redirected to the specified console immediately after SAML SSO login. If no relay state is specified, users are directed to the service provider's default landing page after authentication.
  10. Click Save.
  11. To view the IdP details for that application, navigate to Applications → SSO and click View under IdP Details.
  12. Copy the Login URL, Logout URL, and SHA1 Fingerprint, and either copy the Metadata URL or download the metadata file, depending on what your application requires.

    Name              Description
    Login URL         The URL to which the IdP expects the SP to redirect the user for authentication of the user's identity.
    Logout URL        The URL to which the user is redirected after logging out from the SP.
    SHA1 Fingerprint  Used by the SP to validate the signature of the SAML response sent by the IdP for user authentication.
    Metadata URL      Holds the SAML configuration details of the IdP in XML format.
  13. To finish the setup, follow the SAML SSO configuration procedure outlined by your application.

Copyright © 2024, ZOHO Corp. All Rights Reserved.