Configuring SAML SSO for ScreenSteps

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and ScreenSteps

Prerequisite

  1. Log in to ADSelfService Plus as an administrator.
  2. Navigate to  Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select ScreenSteps from the applications displayed.
    Note: You can also find ScreenSteps application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
  3. Click IdP details in the top-right corner of the screen.
  4. In the pop-up screen that appears, note down the values of Login URL , Logout URL and download the sso ceritificate by clicking Download Certificate.
    5. IDP Details

ScreenSteps (Service Provider) configuration steps

  1. Now, log in to your ScreenSteps administrator account.
  2. In the left pane, click Single Sign-on.

  3. Click Create Single Sign-on Endpoint

    Screenshot
  4. Enter a ScreenSteps of your choice and set the Mode to SAML.
  5. In the Remote Login URL field, enter the Login URL value that you had saved in Step 4 of Prerequisite.
  6. In the Log out URL field, enter the Logout URL value that you had saved in Step 4 of Prerequisite.
  7. Click Create.

  8. In the middle pane, click Upload new SAML Certificate file. Select the PEM certificate file you had saved in Step 4 of Prerequisite.

    Screenshot
  9. Click Update.

  10. Note down the value in SAML Test URL field.

    Screenshot

ADSelfService Plus (Identity Provider) configuration steps

  1. Now, switch to ADSelfService Plus’ ScreenSteps configuration page.
  2. Enter the Application Name and Description.
  3. In the Assign Policies field, select the policies for which SSO need to be enabled.
    Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
  4. Select Enable Single Sign-On.
  5. Enter the Domain Name of your ScreenSteps account. For example, if you use johndoe@thinktodaytech.com to log in to ScreenSteps, then thinktodaytech.com is the domain name.
  6. In the SAML Redirect URL field, enter the value you had saved in Step 10 of ScreenSteps configuration.
  7. Enter the Assertion Consumer Service URL provided by your application service provider in the Assertion Consumer Service URL field. If required, click the + button next to the text field to add multiple Assertion Consumer URLs. These values can be found in the application's SSO configuration page or metadata. Please reach out to your application's support team if you are having trouble locating the Assertion Consumer Service URL in your application's user interface or metadata.
  8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.

    9. Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.

  9. Click Add Application

    10. Your users should now be able to sign in to ScreenSteps through ADSelfService Plus.

    Note: For ScreenSteps, only IdP-initiated flow is supported.
Go to Top

Copyright © 2025, ZOHO Corp. All Rights Reserved.