Configuring single sign-on for SAML-enabled custom enterprise applications
ADSelfService Plus supports single sign-on (SSO) for over 100 cloud applications right out of the box. The solution also extends its SSO support to any SAML-enabled custom enterprise application.
Prerequisites:
- Log in to the enterprise application (service provider) for which the custom application is going to be created.
- Get the Metadata file, or the Entity ID/SAML Redirect URL and ACS URL, from the enterprise application.
Create Custom Application
The steps given below will guide you through setting up the single sign-on functionality between ADSelfService Plus and your custom SAML applications.
- Log in to the ADSelfService Plus web console as an administrator.
- Navigate to Password Sync/Single Sign On → Add Application → Custom Application.
- Enter your Application name and Description.
- In the Domain Name field, enter the domain name of your email address. For example, if you use johndoe@mydomain.com to log in, then mydomain.com is the domain name.
- Upload an image for the app icon in both sizes.
- Provide a suitable option for the Supported SSO flow.
Note:
It is advisable to contact your Service Provider and verify the supported SSO flow before choosing the correct option.
- Automatic Configuration: If you have metadata downloaded in Step 2 of Prerequisites, upload the downloaded Metadata file or follow step 8 given below.
- Manual Configuration: Based on the SSO flow you selected earlier, enter the required details.
- Under Provider Settings:
  - Choose the RSA-SHA1 or RSA-SHA256 algorithm, depending on the signature algorithm your application supports.
  - Pick the SAML response type (Signed/Unsigned).
  - Choose the XML canonicalization method to be used. Canonicalization is the process by which the IdP and SP convert the XML content to a standardized format. The algorithm you choose is used for signing the SAML response and assertion.
  - Choose the Name ID format that has to be sent in the SAML response. The Name ID format specifies the type of value sent in the SAML response for user identity verification.
- Click Create Custom Application.
Note:
Check with your Service Provider to identify the supported SSO flow and the SAML response. By default, the SAML Assertion will be 'signed'.
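The values asked for under Prerequisites (Entity ID, ACS URL) and several Provider Settings choices (Name ID format, whether the service provider wants signed assertions) can be read from the service provider's metadata file before filling in the form. The Python script below is an added example, not part of ADSelfService Plus; the sample metadata and the sp.example.com URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
# Constructed sample SP metadata (hypothetical service provider sp.example.com).
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_sp_metadata(data: bytes) -> dict:
    """Extract the values the custom application form asks for."""
    # SAML metadata never needs a DTD; refuse it instead of expanding entities.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(data)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service provider metadata")
    flag = lambda v: v in ("true", "1")  # xs:boolean allows both spellings
    acs = [
        {"binding": e.get("Binding"), "location": e.get("Location"),
         "default": flag(e.get("isDefault"))}
        for e in sp.findall("md:AssertionConsumerService", NS)
    ]
    # Assertions are delivered to the ACS URL, so flag any that are not HTTPS.
    warnings = [f"ACS URL is not HTTPS: {a['location']}" for a in acs
                if not (a["location"] or "").lower().startswith("https://")]
    if not acs:
        warnings.append("no AssertionConsumerService endpoint declared")
    return {
        "entity_id": root.get("entityID"),
        "acs": acs,
        "name_id_formats": [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text],
        "want_assertions_signed": flag(sp.get("WantAssertionsSigned")),
        "authn_requests_signed": flag(sp.get("AuthnRequestsSigned")),
        "warnings": warnings,
    }

if __name__ == "__main__":
    for key, value in summarize_sp_metadata(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

Run it against the metadata file downloaded from your own service provider and compare the output with what you enter in the form.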