Configuring SAML SSO for UserEcho

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and UserEcho.

Prerequisite

  1. Log in to ADSelfService Plus as an administrator.
  2. Navigate to  Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select UserEcho from the applications displayed.
    Note: You can also find UserEcho application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
  3. Click Download SSO Certificate link in the top-right corner of the screen.
  4. In the pop-up that appears, copy the Login URL, Logout URL and download the SSO certificate by clicking on the Download Certificate button.
    5. IDP Details

UserEcho (Service Provider) configuration steps

  1. Login to UserEcho portal with an administrator’s credentials.

  2. Click on Profile at the top-right corner and select Setup

    Screenshot

  3. Select Integrations from the left pane and click on Single sign-on (SAML).

    Screenshot

  4. In the SAML SSO URL, enter the Login URL copied in Step 4 of Prerequisite,.

  5. Open the SSO certificate downloaded (rsacert.pem ) in Step 4 of Prerequisite and paste its content in the X.509 Certificate field.

    Screenshot

  6. Click Save.

  7. Navigate to Project → Login Settings from the left pane.

    Screenshot

  8. In the Login Type field, select SAML redirect from the drop-down box.

    Screenshot
  9. Click Save to complete the configuration.

ADSelfService Plus (Identity Provider) configuration steps

  1. Now, switch to ADSelfService Plus’ UserEcho configuration page.
  2. Enter the Application Name and Description.
  3. In the Assign Policies field, select the policies for which SSO need to be enabled.
    Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
  4. Select Enable Single Sign-On.
  5. Enter the Domain Name of your UserEcho account. For example, if you use johndoe@thinktodaytech.com to log in to UserEcho, then thinktodaytech.com is the domain name.
  6. In the SP Identifier field, enter the domain name of your UserEcho account. Example: If your UserEcho domain URL is https://test.userecho.com, your SP Identifier is test.
  7. Enter the Assertion Consumer Service URL provided by your application service provider in the Assertion Consumer Service URL field. If required, click the + button next to the text field to add multiple Assertion Consumer URLs. These values can be found in the application's SSO configuration page or metadata. Please reach out to your application's support team if you are having trouble locating the Assertion Consumer Service URL in your application's user interface or metadata.
  8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.

    9. Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.

  9. Click Add Application

    10. Your users should now be able to sign in to UserEcho through ADSelfService Plus.

    Note: For UserEcho, both IDP and SP initiated flows are supported.
Go to Top

Copyright © 2025, ZOHO Corp. All Rights Reserved.