If SSO is enabled, whenever a user attempts to log on to ADSelfService Plus’ web console, OneLogin will authenticate the request and grant access to the ADSelfService Plus portal. When a user is already logged in to OneLogin and tries to access ADSelfService Plus, the user will be granted access automatically.

Prerequisite

If you do not find ADSelfService Plus in OneLogin's list of supported applications, follow these steps to add it to the list.

Log in to your OneLogin account with admin credentials and navigate to ADSelfService Plus from the list of applications supported. Either download the Metadata in XML format, or get the required data by copying the Issuer URL/Entity ID, IdP Login URL, IdP Logout URL, and the X.509-certificate. 

Configuration steps in ADSelfService Plus

1.      Log in to the ADSelfService Plus web console with admin credentials.

2.      Navigate to Admin tab > Customize > Logon Settings.

3.      Check the Enable SSO checkbox to enable single sign-on for ADSelfService Plus.

 

4.      Click the SAML Authentication radio button to enable SAML configuration in your domain.

5.      Select OneLogin in the Select IdP drop-down box. 

 

6.      There are two SAML Configuration Modes: Upload Metadata File and Manual Configuration.

1.      Select Upload Metadata File if you have downloaded the metadata file.

§  Click Browse to upload the metadata file downloaded from OneLogin.             

2.      Select Manual Configuration to configure the URLs and certificates manually.

·         Enter the Issuer URL/Entity ID URL copied from OneLogin. 

·         In the IdP Login URL, enter the Login URL copied from OneLogin. 

·         In the IdP Logout URL, enter the Logout URL copied from OneLogin.

        

·         In the space provided for X.509-Certificate, enter the public certificate key copied from OneLogin.

·         Click Save.

Like this tip? Get the most out of ADSelfService Plus by checking out more tips and tricks here.