Configuring SAML SSO for ManageEngine ADAudit Plus

The following steps will help you enable single sign-on (SSO) to ADAudit Plus from ADSelfService Plus.

  1. Ensure that the ADSelfService Plus server can be accessed through an HTTPS connection (the Access URL must be configured as HTTPS).
  2. Log in to ADSelfService Plus as an administrator.
  3. Navigate to Configuration > Self-Service > Password Sync/Single Sign On > Add Application, and select ADAudit Plus from the applications displayed.
  4. Note: You can also find ADAudit Plus from the search bar located in the left pane or the alphabet-wise navigation option in the right pane.

  5. On the ADAudit Plus configuration page, click IdP Details in the top-right corner of the screen. A pop-up will appear.
  6. You can configure the identity provider details in ADAudit Plus by either uploading the metadata file or entering the details manually.
    • Uploading the metadata file: Download the metadata file to be uploaded during the configuration of ADAudit Plus by clicking the Download IdP Metadata link.
    • For manual configuration: Copy the Entity ID, Login URL, and Logout URL, which will be used during the configuration of ADAudit Plus. Download the SSO certificate by clicking the Download X.509 Certificate link.
Configuring SAML SSO for ManageEngine ADAudit Plus

ADAudit Plus (service provider) configuration steps

  1. Log in to ADAudit Plus with administrator credentials.
  2. Navigate to Admin > Administration > Logon Settings > Single Sign-On.
  3. Select the Enable Single Sign-on with Active Directory check box.
  4. Configuring SAML SSO for ManageEngine ADAudit Plus
  5. Choose the SAML Authentication radio button.
  6. In the Configure Identity Provider section, enter the details given below.
    • In the Identity Provider (IdP) field, choose the Custom Provider option.
    • Enter the IdP Provider Name and upload the IdP Provider Logo.
    • For SAML Configuration Mode, you can either choose the Upload Metadata File option or the Manual Configuration option.
      • If you choose the Upload Metadata File option, upload the metadata file downloaded in step 5a of the prerequisites.
      • Configuring SAML SSO for ManageEngine ADAudit Plus
      • If you choose the Manual Configuration option, paste the Entity ID value copied in step 5b of the prerequisites in the Issuer URL/Entity ID field.
      • In the IdP Login URL field, enter the Login URL value copied in step 5b of the prerequisites.
      • In the IdP Logout URL field, enter the Logout URL value copied in step 5b of the prerequisites.
      • Note: The Logout URL is optional and can be skipped if single logout (automatically log out from ADSelfService Plus when logging out from ADAudit Plus) is not required.

      • Paste the entire contents of the X.509 certificate downloaded in step 5b of the prerequisites in the X.509 Certificate field.
  7. Configuring SAML SSO for ManageEngine ADAudit Plus
  8. Copy the values of the ACS/Recipient URL and the Issuer URL/Entity ID from the Service Provider Details section; these will be used later.
  9. Configuring SAML SSO for ManageEngine ADAudit Plus
  10. Click Save.

ADSelfService Plus (identity provider) configuration steps

  1. Switch to ADSelfService Plus' ADAudit Plus configuration page.
  2. Enter the Application Name and Description.
  3. Enter the Domain Name of your ADAudit Plus account. For example, if you use johndoe@adauditplus.com to log in to ADAudit Plus, then adauditplus.com is the domain name.
  4. In the Assign Policies field, select the policies for which SSO needs to be enabled.
  5. Note: ADSelfService Plus allows you to create OU- and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.

  6. Select the SAML tab and check Enable Single Sign-On.
  7. In the Assertion Consumer URL field, enter the ACS/Recipient URL copied in step 6 of ADAudit Plus configuration.
  8. In the Entity ID field, enter the Issuer URL/Entity ID value copied in step 6 of ADAudit Plus configuration.
  9. In the Name ID Format field, choose the format for the user login attribute value specific to the application.
  10. Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.

  11. Click Add Application.
Configuring SAML SSO for ManageEngine ADAudit Plus

Your users should now be able to sign in to ADAudit Plus through the ADSelfService Plus portal.

Note: For ADAudit Plus, both service-provider-initiated and identity-provider-initiated flows are supported.

Go to Top

Copyright © 2024, ZOHO Corp. All Rights Reserved.