Configuring SAML SSO for ManageEngine AssetExplorer

The following steps will help you enable single sign-on (SSO) to AssetExplorer from ADSelfService Plus.

Prerequisites

  1. Ensure that the ADSelfService Plus server can be accessed through HTTPS Connection (Access URL must be configured as HTTPS).
  2. Log in to ADSelfService Plus as an administrator.
  3. Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select AssetExplorer from the applications displayed.
    4. Note: You can also find the AssetExplorer application from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
  4. On the AssetExplorer page, click IdP details in the top-right corner of the screen.
  5. Copy the Login URL and Logout URL, which will be used during the configuration of AssetExplorer. Download the SSO certificate by clicking the Download X.509 Certificate link.
    6. Screenshot

AssetExplorer Manager Plus (service provider) configuration steps

  1. Log in to AssetExplorer with an administrator's credentials.
  2. Navigate to Admin > SAML Single Sign On. (or) Click the Admin icon. Select the SAML Single Sign On link under the Organizational Details section.
    3. Screenshot
  3. Under the Configuration tab, switch the Enable SAML Single Sign On ? toggle button.
    4. Screenshot
  4. Copy the values of the Entity Id and the Assertion Consumer URL from the Service Provider Details section; these will be used later.
    5. Screenshot
  5. In the Configure Identity Provider Details section, enter the Login URL value in the Login URL field copied in step 5 of the prerequisites.
  6. In the Logout URL field, enter the Logout URL value copied in step 5 of the prerequisites.
    7. Note: The Logout URL is optional and can be skipped if single logout (automatically log out from ADSelfService Plus when logging out from AssetExplorer) is not required.
  7. In the Name ID Format field, select the Transient option.
  8. In the Algorithm field, select the RSA_SHA256 option.
  9. In the Certificate field, click Choose File and upload the X.509 Certificate downloaded in step 5 of the prerequisites.
  10. Click Save.
    11. Screenshot

ADSelfService Plus (Identity Provider) configuration steps

  1. Switch to ADSelfService Plus' AssetExplorer configuration page.
  2. Enter the Application Name and Description.
  3. Enter the Domain name of your AssetExplorer account. For example, if you use johndoe@thinktodaytech.com to log in to AssetExplorer, then thicktodaytech.com is the domain name.
  4. In the Assign Policies field, select the policies for which SSO needs to be enabled.
    5. Note: ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.
  5. Select the SAML tab and check Enable Single Sign-On.
  6. In the Assertion Consumer URL field, enter the Assertion Consumer URL copied in step 3 of AssetExplorer configuration.
  7. In the Entity ID field, enter the Entity Id value copied in step 3 of AssetExplorer configuration.
  8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.
    9. Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.
  9. Click Add Application.
    10. Screenshot

    Your users should now be able to sign into AssetExplorer through the ADSelfService Plus portal.

    Note: For AssetExplorer, both service-provider-initiated and identity-provider-initiated flows are supported.
Go to Top

Copyright © 2024, ZOHO Corp. All Rights Reserved.