Configuring SAML SSO for ManageEngine Password Manager Pro
The following steps will help you enable single sign-on (SSO) to Password Manager Pro from ADSelfService Plus.
Prerequisites
- Ensure that the ADSelfService Plus server can be accessed through an HTTPS connection (the Access URL must be configured as HTTPS).
- Log in to ADSelfService Plus as an administrator.
- Navigate to Configuration > Self-Service > Password Sync/Single Sign On > Add Application, and select Password Manager Pro from the applications displayed.
Note: You can also find Password Manager Pro from the search bar located in the left pane or the alphabet-wise navigation option in the right pane.
- On the Password Manager Pro configuration page, click IdP Details in the top-right corner of the screen. A pop-up will appear.
- You can configure the identity provider details in Password Manager Pro by either uploading the metadata file or entering the details manually.
  - Uploading the metadata file: Download the metadata file to be uploaded during the configuration of Password Manager Pro by clicking the Download IdP Metadata link.
  - For manual configuration: Copy the Entity ID, Login URL, and Logout URL, which will be used during the configuration of Password Manager Pro. Download the SSO certificate by clicking the Download X.509-Certificate link.
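Before uploading the downloaded metadata file to Password Manager Pro, it is worth confirming that it carries the Entity ID, Login URL, Logout URL and certificate you expect, and that the URLs use HTTPS as the prerequisite requires. The Python below is an added example, not ManageEngine code; it assumes the file follows the standard SAML 2.0 metadata layout, and the sample metadata, the host adssp.example.com and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample: placeholder host and placeholder certificate bytes.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://adssp.example.com/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{BIND}HTTP-Redirect" Location="http://adssp.example.com/logout"/>
    <md:SingleSignOnService Binding="{BIND}HTTP-POST" Location="https://adssp.example.com/login"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def read_idp_metadata(xml_text):
    """Return the fields the manual configuration asks for, plus any findings."""
    root = ET.fromstring(xml_text)  # only parse a file you downloaded yourself
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: this is not IdP metadata")
    def location(tag):
        el = idp.find(f"md:{tag}", NS)
        return el.get("Location") if el is not None else None
    cert_b64 = idp.findtext("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
                            default="", namespaces=NS)
    der = base64.b64decode("".join(cert_b64.split()))  # strip line wraps first
    fields = {
        "Entity ID": root.get("entityID"),
        "Login URL": location("SingleSignOnService"),
        "Logout URL": location("SingleLogoutService"),
        "Certificate SHA-256": hashlib.sha256(der).hexdigest() if der else None,
    }
    findings = [f"{name} is missing" for name, value in fields.items() if not value]
    for name in ("Login URL", "Logout URL"):
        if fields[name] and urlparse(fields[name]).scheme != "https":
            findings.append(f"{name} is not HTTPS: {fields[name]}")
    return fields, findings

if __name__ == "__main__":
    print(read_idp_metadata(SAMPLE_METADATA))
```

The fingerprint is the SHA-256 of the decoded certificate bytes, so it can be compared with the fingerprint of the certificate obtained through the Download X.509-Certificate link.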
Password Manager Pro (service provider) configuration steps
1. Log in to Password Manager Pro with administrator credentials.
2. Navigate to Admin > SAML Single Sign-On.
3. Copy the values of the Entity Id and the Assertion Consumer URL from the Service Provider Details section; these will be used later.
4. In the Configure Identity Provider Details section, choose either the Upload IdP metadata file option or the Configure IdP information manually option.
5. In the Enable/Disable SAML Single Sign On section, click the Enable Now button.
ADSelfService Plus (identity provider) configuration steps
- Switch to ADSelfService Plus' Password Manager Pro configuration page.
- Enter the Application Name and Description.
- Enter the Domain Name of your Password Manager Pro account. For example, if you use johndoe@pmp.com to log in to Password Manager Pro, then pmp.com is the domain name.
- In the Assign Policies field, select the policies for which SSO needs to be enabled.
Note: ADSelfService Plus allows you to create OU- and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.
- Select the SAML tab and check Enable Single Sign-On.
- In the Assertion Consumer URL field, enter the Assertion Consumer URL copied in step 3 of Password Manager Pro configuration.
- In the Entity ID field, enter the Entity Id value copied in step 3 of Password Manager Pro configuration.
- In the Name ID Format field, choose the format for the user login attribute value specific to the application.
Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.
- Click Add Application.
Your users should now be able to sign in to Password Manager Pro through the ADSelfService Plus portal.
Note: For Password Manager Pro, both service-provider-initiated and identity-provider-initiated flows are supported.