Steps to configure SAML SSO for ManageEngine AD360

About AD360

AD360 is a unified IAM solution that offers features such as user provisioning, password management, group policy management, and auditing, aiding organizations in ensuring efficient operations and robust security posture.

The following steps will help you enable single sign-on (SSO) for AD360 from Identity360.

Prerequisites

1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications. For more information, refer to pricing details.
2. Log in to Identity360 as an Admin or Super Admin.
3. Navigate to Applications > Application Integration > Create New Application, and select AD360 from the applications displayed.
   Note: You can also find AD360 from the search bar located at the top.
4. Under the General Settings tab, enter the Application Name and Description.
5. Under the Choose Capabilities tab, choose SSO and click Continue.
   General settings of SSO configuration for AD360
6. Under Integration Settings, navigate to the Single Sign On tab, click on Metadata Details. You can configure AD360 by either uploading the metadata file or entering the details manually.
   • Uploading metadata file: Download the metadata file to be uploaded during the configuration of AD360 in Identity360 by clicking Download from the Metadata field.
   • For manual configuration: Copy the Entity ID, Login URL, Logout URL, and Signing certificate (X.509 certificate), which will be used during the configuration of AD360.
     Integration Settings of SSO configuration for AD360

AD360 (service provider) configuration steps

1. Log in to AD360 with admin credentials.
2. Navigate to AD360 > Admin > Administration > Logon Settings > Single Sign-On.
3. Select the Enable Single Sign-on with Active Directory check box.
   Configuration of SAML SSO from AD360
4. Choose the SAML Authentication radio button.
5. In the Configure Identity Provider section, enter the details given below.
   • In the Identity Provider (IdP) field, choose the Custom Provider option.
   • Enter the IdP Provider Name and upload the IdP Provider Logo, if required.
   • For SAML Configuration Mode, you can either choose the Upload Metadata File option or the Manual Configuration option.
     • If you choose the Upload Metadata File option, upload the metadata file downloaded in step 6a of the prerequisites section.
       Metadata configuration from AD360
     • If you choose the Manual Configuration option, paste the Entity ID value copied in step 6b of the prerequisites section in the Issuer URL/Entity ID field.
     • In the IdP Login URL field, enter the Login URL value copied in step 6b of the prerequisites section.
     • In the IdP Logout URL field, enter the Logout URL value copied in step 6b of the prerequisites section.
       Note: The Logout URL is optional and can be skipped if single logout (automatically log out from Identity360 when logging out from AD360) is not required.
     • Paste the entire contents of the X.509 certificate copied in step 6b of the prerequisites section in the X.509 Certificate field.
     Manual configuration from AD360
6. Copy the values of the ACS/Recipient URL and the Issuer URL/Entity ID from the Service Provider Details section; these will be used later.
   Configuration details from AD360
7. Select the Force SAML Login option located at the bottom of this page if you wish to force users to log in to AD360 only through SSO.
8. Click Save.

Identity360 (identity provider) configuration steps

1. Switch to Identity360's application configuration page.
2. In the ACS URL field, enter the ACS/Recipient URL copied in step 6 of AD360 configuration.
3. In the Entity ID field, enter the Issuer URL/Entity ID value copied in step 6 of AD360 configuration.
4. Click Save.
   Integration Settings of SSO configuration for AD360
5. To learn how to assign users or groups to one or more applications, refer to this page.

Your users should now be able to sign in to AD360 through the Identity360 portal.