Configuring SAML SSO for Syncplicity
These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Syncplicity
Prerequisite
-
Log in to ADSelfService Plus as an administrator.
- Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select Syncplicity from the applications displayed.
Note: You can also find Syncplicity application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
-
Click IdP details in the top-right corner of the screen.
-
In the pop-up screen that appears, copy the values of Login URL and Logout URL, and click Download certificate and save the certificate file (PEM file). We will need these values and file in later steps.
Syncplicity (Service Provider) configuration steps
-
Now, log in to your Syncplicity administrator account.
-
Navigate to Admin → Settings.
-
Under Account Configuration, click Custom domain and single sign-on.
-
Note down the value you are giving in the Custom Domain field. This value will serve as the input for the Custom domain field in ADSelfService Plus.
-
Under Single Sign-On Status, click Enabled.
-
In the both Entity Id and Sign-in page URL fields, paste the Login URL value you had saved in Step 4 of Prerequisite.
-
In Logout page URL, paste the Logout URL value you had saved in Step 4 of Prerequisite.
-
In Identity Provider Certificate, click Choose file and upload the PEM file that you saved in Step 4 of Prerequisite.
-
Select Enable Silent Onboarding - auto-activate users and suppress welcome email (not applicable to self-signup) if you want to enable just in time provisioning of users.
-
Click Save changes.
ADSelfService Plus (Identity Provider) configuration steps
-
Now, switch to ADSelfService Plus’ Syncplicity configuration page.
-
Enter the Application Name and Description.
-
In the Assign Policies field, select the policies for which SSO need to be enabled.
Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
-
Select Enable Single Sign-On.
-
Enter the Domain Name of your Syncplicity account. For example, if you use johndoe@thinktodaytech.com to log in to Syncplicity, then thinktodaytech.com is the domain name.
-
Enter the Custom domain you had saved in Step 4 of Syncplicity configuration.
-
Choose the Name ID format that has to be sent in the SAML response. The Name ID format will specify the type of value sent in the SAML response for user identity verification.
-
Click Add Application
Your users should now be able to sign in to Syncplicity Online through ADSelfService Plus.
Note:
For Syncplicity, both IdP-initiated and SP-initiated flows are supported.