Configuring SAML SSO for ManageEngine Password Manager Pro

The following steps will help you enable single sign-on (SSO) to Password Manager Pro from ADSelfService Plus.

  1. Ensure that the ADSelfService Plus server can be accessed through an HTTPS connection (the Access URL must be configured as HTTPS).
  2. Log in to ADSelfService Plus as an administrator.
  3. Navigate to Configuration > Self-Service > Password Sync/Single Sign On > Add Application, and select Password Manager Pro from the applications displayed.

    4. Note: You can also find Password Manager Pro from the search bar located in the left pane or the alphabet-wise navigation option in the right pane.

  4. On the Password Manager Pro configuration page, click IdP Details in the top-right corner of the screen. A pop-up will appear.
  5. You can configure the identity provider details in Password Manager Pro by either uploading the metadata file or entering the details manually.
    • Uploading the metadata file: Download the metadata file to be uploaded during the configuration of Password Manager Pro by clicking the Download IdP Metadata link.
    • For manual configuration: Copy the Entity ID, Login URL, and Logout URL, which will be used during the configuration of Password Manager Pro. Download the SSO certificate by clicking the Download X.509 Certificate link.
Configuring SAML SSO for ManageEngine Password Manager Pro

Password Manager Pro (service provider) configuration steps

  1. Log in to Password Manager Pro with administrator credentials.
  2. Navigate to Admin > SAML Single Sign-On.
    3. Configuring SAML SSO for ManageEngine Password Manager Pro
  3. Copy the values of the Entity Id and the Assertion Consumer URL from the Service Provider Details section; these will be used later.
    4. Configuring SAML SSO for ManageEngine Password Manager Pro
  4. In the Configure Identity Provider Details section, you can either choose the Upload IdP metadata file option or the Configure IdP information manually option.
    • If you choose the Upload IdP metadata file option, upload the metadata file downloaded in step 5a of the prerequisites and click Upload.
      • Configuring SAML SSO for ManageEngine Password Manager Pro
    • If you choose the Configure IdP information manually option, paste the Entity ID value copied in step 5b of the prerequisites in the Issuer field.
    • In the IdP Login URL field, enter the Login URL value copied in step 5b of the prerequisites.
    • Choose the HTTP-Redirect binding option in the Protocol Binding field.
    • In the IdP Logout URL field, enter the Logout URL value copied in step 5b of the prerequisites.

      • Note: The Logout URL is optional and can be skipped if single logout (automatically log out from ADSelfService Plus when logging out from Password Manager Pro) is not required.

    • Click Save.
      • Configuring SAML SSO for ManageEngine Password Manager Pro
    • In the Import IdP's Certificate section, select the Upload IdP Cert File now option.
    • In the Import Certificate field, upload the X.509 certificate downloaded in step 5b of the prerequisites and click Save.
      • Configuring SAML SSO for ManageEngine Password Manager Pro
  5. In the Enable/Disable SAML Single Sign On section, click the Enable Now button.
    6. Configuring SAML SSO for ManageEngine Password Manager Pro

ADSelfService Plus (identity provider) configuration steps

  1. Switch to ADSelfService Plus' Password Manager Pro configuration page.
  2. Enter the Application Name and Description.
  3. Enter the Domain Name of your Password Manager Pro account. For example, if you use johndoe@pmp.com to log in to Password Manager Pro, then pmp.com is the domain name.
  4. In the Assign Policies field, select the policies for which SSO needs to be enabled.

    5. Note: ADSelfService Plus allows you to create OU- and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.

  5. Select the SAML tab and check Enable Single Sign-On.
  6. In the Assertion Consumer URL field, enter the Assertion Consumer URL copied in step 3 of Password Manager Pro configuration.
  7. In the Entity ID field, enter the Entity Id value copied in step 3 of Password Manager Pro configuration.
  8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.

    9. Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.

  9. Click Add Application.
Configuring SAML SSO for ManageEngine Password Manager Pro

Your users should now be able to sign in to Password Manager Pro through the ADSelfService Plus portal.

Note: For Password Manager Pro, both SP-initiated and IdP-initiated flows are supported.

Go to Top

Thanks!

Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.

 

Need technical assistance?

  • Enter your email ID
  • Talk to experts
  •  
     
  •  
  • By clicking 'Talk to experts' you agree to processing of personal data according to the Privacy Policy.

Don't see what you're looking for?

  •  

    Visit our community

    Post your questions in the forum.

     
  •  

    Request additional resources

    Send us your requirements.

     
  •  

    Need implementation assistance?

    Try onboarding

     

Copyright © 2024, ZOHO Corp. All Rights Reserved.