Steps to configure SAML SSO for ManageEngine ADManager Plus

About ADManager Plus

ADManager Plus streamlines identity governance and administration for AD, Microsoft 365, Exchange, Skype for Business, and Google Workspace, simplifying routine tasks and enabling custom workflow structures for automation and compliance.

The following steps will help you enable single sign-on (SSO) for ADManager Plus from Identity360.

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications. For more information, refer to pricing details.
  2. Log in to Identity360 as an Admin or Super Admin.
  3. Navigate to Applications > Application Integration > Create New Application, and select ADManager Plus from the applications displayed.
    Note: You can also find ADManager Plus from the search bar located at the top.
  4. Under the General Settings tab, enter the Application Name and Description.
  5. Under the Choose Capabilities tab, choose SSO and click Continue.
    [Figure: General settings of SSO configuration for ADManager Plus]
  6. Under Integration Settings, navigate to the Single Sign On tab and click Metadata Details. You can configure ADManager Plus by either uploading the metadata file or entering the details manually.
    a. To upload the metadata file: Click Download in the Metadata field to download the metadata file from Identity360. You will upload this file during the configuration of ADManager Plus.
    b. For manual configuration: Copy the Entity ID, Login URL, Logout URL, and Signing certificate (X.509 certificate), which will be used during the configuration of ADManager Plus.
    [Figure: Integration Settings of SSO configuration for ADManager Plus]

ADManager Plus (service provider) configuration steps

  1. Log in to ADManager Plus with admin credentials.
  2. Navigate to Delegation > Configuration > Logon Settings > Single Sign-On.
  3. Select the Enable Single Sign-on with Active Directory check box.
  4. Choose the SAML Authentication radio button.
  5. In the Configure Identity Provider section, enter the details given below.
    • In the Identity Provider (IdP) field, choose the Custom SAML option.
    • For SAML Config Mode, you can either choose the Upload Metadata File option or the Manual Configuration option.
      [Figure: Configuration of SAML SSO from ADManager Plus]
    • If you choose the Upload Metadata File option, upload the metadata file downloaded in step 6a of the prerequisites section.
      [Figure: Metadata configuration from ADManager Plus]
    • If you choose the Manual Configuration option, paste the Entity ID value copied in step 6b of the prerequisites section in the Issuer URL/Entity ID field.
    • In the IdP Login URL field, enter the Login URL value copied in step 6b of the prerequisites section.
    • In the IdP Logout URL field, enter the Logout URL value copied in step 6b of the prerequisites section.
      Note: The Logout URL is optional and can be skipped if single logout (automatically log out from Identity360 when logging out from ADManager Plus) is not required.
    • Paste the entire contents of the X.509 certificate (SSO certificate) copied in step 6b of the prerequisites section in the X.509 Certificate field.
      [Figure: Manual configuration from ADManager Plus]
  6. Copy the values of the ACS/Recipient URL and the Issuer URL/Entity ID from the Service Provider Details section; these will be used later.
    [Figure: Configuration details from ADManager Plus]
  7. In the Mapping Attribute Selection section, click the Mapping Attribute drop-down and select the user attribute that you wish to map with that of Identity360.
  8. Select the Force SAML Login option at the bottom right of this page if you wish to force users to log in to ADManager Plus only through SSO.
  9. Click Save.

Identity360 (identity provider) configuration steps

  1. Switch to Identity360's application configuration page.
  2. In the ACS URL field, enter the ACS/Recipient URL copied in step 6 of ADManager Plus configuration.
  3. In the Entity ID field, enter the Issuer URL/Entity ID value copied in step 6 of ADManager Plus configuration.
  4. Click Save.
    [Figure: Integration Settings of SSO configuration for ADManager Plus]
  5. To learn how to assign users or groups to one or more applications, refer to this page.

Your users should now be able to sign in to ADManager Plus through the Identity360 portal.

Note: For ADManager Plus, both SP-initiated and IdP-initiated flows are supported.

Steps to enable MFA for ADManager Plus

Setting up MFA for ADManager Plus using Identity360 involves the following steps:

  1. Set up one or more authenticators for identity verification when users attempt to log in to ADManager Plus. Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
  2. Integrate ADManager Plus with Identity360 by configuring SSO using the steps listed here.
  3. Now, activate MFA for ADManager Plus by following the steps mentioned here.

How does MFA for applications work in Identity360?

  [Figure: SSO integration flow diagram]
