Configuring SAML SSO for Recognize

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Recognize

Prerequisite

  1. Log in to ADSelfService Plus as an administrator.
  2. Navigate to  Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select Recognize from the applications displayed.
    Note: You can also find Recognize application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
  3. Click IdP details in the top-right corner of the screen.
  4. In the pop-up screen that appears, copy the values of Login URL and Logout URL, and click Download SSO certificate and save the certificate file (PEM file). We will need these values and file in later steps.
  5. IDP Details

Recognize (Service Provider) configuration steps

  1. Now, log in to your Recognize administrator account.
  2. Navigate to Menu → Company Domain.
  3. Under Company Dashboard, click Settings.

    Screenshot
  4. Scroll down Settings, Under SSO settings , toggle the pointer Enable SSO to Yes.

    Screenshot
  5. In the both Entity Id and SSO target URL fields, paste the Login URL value you had saved in Step 4 of Prerequisite.
  6. In SLO target URL, paste the Logout URL value you had saved in Step 4 of Prerequisite.
  7. In Name identifier format field make sure, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport is present.
  8. In Certificate, paste the certificate value that you had downloaded in Step 4 of Prerequisite in the text box.
  9. Click Save Settings changes.

ADSelfService Plus (Identity Provider) configuration steps

  1. Now, switch to ADSelfService Plus’ Recognize configuration page.
  2. Enter the Application Name and Description.
  3. In the Assign Policies field, select the policies for which SSO need to be enabled.
    Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
  4. Select Enable Single Sign-On.
  5. Enter the Domain Name of your Recognize account. For example, if you use johndoe@thinktodaytech.com to log in to Recognize, then thinktodaytech.com is the domain name.
  6. Choose the Name ID format that has to be sent in the SAML response. The Name ID format will specify the type of value sent in the SAML response for user identity verification.
  7. Click Add Application
  8. Your users should now be able to sign in to Recognize Online through ADSelfService Plus.

    Note: For Recognize, only IdP-initiated flows is supported.
Go to Top

Copyright © 2023, ZOHO Corp. All Rights Reserved.