Configuring single sign-on for SAML-enabled custom enterprise applications

Note: SSO for applications is available only with the Endpoint MFA.

ADSelfService Plus supports single sign-on (SSO) for over 100 cloud applications right out of the box. The solution also extends its SSO support capability to any SAML-enabled custom enterprise application.

Prerequisites:

  1. Log in to the enterprise application (service provider).
  2. Get the metadata file or the Entity ID/SAML Redirect URL and Assertion Consumer Service (ACS) URL from the enterprise application.

Create a custom application

The steps given below will guide you through setting up SSO for your custom SAML applications using ADSelfService Plus.

  1. Log in to the ADSelfService Plus web console as an administrator.
  2. Navigate to Password Sync/Single Sign On > Add Application > Custom Application.
  3. Enter your Application Name and Description.
  4. Enter the domain name of your email address in the Domain Name field. For example, if you use johndoe@mydomain.com to log in, then mydomain.com is the domain name.
  5. Upload an image for the app icon in both sizes.
  6. Provide a suitable option for the Supported SSO Flow.
     Note: We advise contacting your service provider to verify the supported SSO flow before choosing the Supported SSO Flow option.
  7. Automatic configuration: If you downloaded the metadata file in Step 2 of the Prerequisites section, upload it in the Upload Metadata field; otherwise, follow step 8 below.
  8. Manual configuration: Based on the SSO flow you selected earlier, enter the required details.
    • If you selected SP flow:
      • Enter the SAML redirect URL your application's service provider supplies in the SAML Redirect URL field. This value can be found on the application's default login page or on its SSO configuration page.
      • Enter the ACS URL your application's service provider supplies in the ACS URL field. This value can also be found on the application's SSO configuration page.
    • If you selected IdP flow:
      • Enter the ACS URL your application's service provider supplies in the ACS URL field. This value can also be found on the application's SSO configuration page.
      • Enter the Entity ID your application's service provider supplies in the Entity ID field. This value can also be found on the application's SSO configuration page.
  9. Under provider settings:
    • Choose the RSA-SHA1 or RSA-SHA256 signing algorithm, depending on which your application supports. RSA-SHA256 is the recommended choice; SHA-1 is no longer considered secure for signatures.
    • Pick whether the SAML response should be signed or unsigned.
    • Choose the XML canonicalization method to be used. Canonicalization converts the XML content to a standardized form so that the IdP and SP compute the signature over identical bytes. The method you choose is used for signing the SAML response and assertion.
    • Choose the Name ID format to be sent in the SAML response. The Name ID format specifies the type of value sent in the SAML response for user identity verification.
  10. Click Create Custom Application.
     Note: Check with your service provider to identify the supported SSO flow and the SAML response type. By default, the SAML assertion will be signed.
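The Entity ID, ACS URL, Name ID format and signing expectations that the manual configuration step asks for all live in the service provider's SAML metadata file. The following script, added here as an illustration and not part of ADSelfService Plus or its documentation, parses a constructed sample SP metadata document (placeholder hostnames) to extract those values and flags settings a practitioner should resolve before creating the custom application.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace used by EntityDescriptor/SPSSODescriptor.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample SP metadata; hostnames and URLs are placeholders.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.example.com/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.example.com/saml/acs" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def parse_sp_metadata(xml_text):
    """Return the Entity ID, ACS URL and related settings from SP metadata.
    Metadata obtained from an untrusted source should be parsed with defusedxml instead."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service-provider metadata")
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not acs:
        raise ValueError("no AssertionConsumerService endpoint in metadata")
    # Use the SP's default ACS endpoint if one is flagged, else the first listed.
    chosen = next((s for s in acs if s.get("isDefault") == "true"), acs[0])
    fmt = sp.find("md:NameIDFormat", NS)
    return {
        "entity_id": root.get("entityID"),
        "acs_url": chosen.get("Location"),
        "acs_binding": chosen.get("Binding"),
        "name_id_format": fmt.text.strip() if fmt is not None and fmt.text else None,
        "wants_signed_assertion": sp.get("WantAssertionsSigned") == "true",
        "signs_authn_requests": sp.get("AuthnRequestsSigned") == "true",
    }

def check_sp_settings(info):
    """Warnings to resolve before creating the custom application."""
    warnings = []
    if not (info["acs_url"] or "").lower().startswith("https://"):
        warnings.append("ACS URL is not HTTPS; the SAML response would be posted in clear text")
    if not info["wants_signed_assertion"]:
        warnings.append("SP does not demand signed assertions; keep the assertion signed anyway")
    return warnings
```

Paste the returned entity_id and acs_url into the Entity ID and ACS URL fields, and use name_id_format to pick the matching Name ID option under provider settings.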


Copyright © 2024, ZOHO Corp. All Rights Reserved.