Security Assertion Markup Language (SAML) is an XML-based open standard that eliminates the need for multiple application-specific usernames and passwords. It does this by facilitating the secure exchange of authentication and authorization data between applications. SAML is one of the most widely used standards to provide users with secure, one-click access to multiple cloud applications via single sign-on (SSO). All major cloud applications support SAML, including Office 365, G Suite, Salesforce, Dropbox, and ServiceNow.
ADSelfService Plus supports SSO for all SAML 2.0-enabled cloud applications.
SAML authentication requires three entities:
In some cases, the IdP itself will store the identity information of the user and use it for authentication. In other cases, it uses another identity infrastructure for authentication. ADSelfService Plus facilitates user authentication by using Active Directory identities.
To configure SAML-based SSO, the IdP and the SP need to establish trust between each other. Establishing trust typically involves configuring the SP with the SSO login URL, SSO logout URL, and X.509 certificate given by the IdP as well as configuring the IdP with the a few unique attributes that are specific to the SP. Once trust is established, the SP will delegate authentication responsibilities to the IdP.
To initiate SAML SSO in ADSelfService Plus, users can begin with either the SP or the IdP. That means SAML SSO works regardless of whether users try logging in to their cloud app first, or ADSelfService Plus to start.
ADSelfService Plus supports both IdP-initiated and SP-initiated SAML SSO flows for most cloud applications in its app catalog.
Improved security: SAML authentication doesn't involve passwords. Only digitally-signed SAML requests and responses are transmitted between the SP and ADSelfService Plus. Since there's no passwords involved, it helps reduce password-related threats.
Supported by thousands of cloud apps: Almost all modern cloud apps support SAML. You can easily enable SSO for multiple apps using ADSelfService Plus.
One-click access: SAML improves user experience by eliminating the need to log in multiple times in a work day just to access different apps.
Reduced burden on IT: With SAML SSO enabled, IT admins won't have to worry about password-related help desk calls or managing identities across multiple services.
Want to implement SAML SSO for your cloud apps? Try ADSelfService Plus and provide your users with seamless, one-click access to cloud apps. Read this white paper to learn more about enabling Active Directory-based SAML SSO for cloud apps.
ADSelfService Plus supports SSO for all SAML 2.0-enabled cloud applications. If you have a custom enterprise application, then you can enable SSO for that application, too, using ADSelfService Plus. Click here to learn more about SSO for custom applications.
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.