Kaseya Community

SSO with ConnectWise Manage

This question is answered

Has anyone gotten AAoD/Passly's SSO to work with ConnectWise Manage? They both support SAML 2, so this should work, but I'm really struggling.

On the CW side, I have:

Login URL: https://{org}.my.passly.com/trust/launch?ApplicationId={App_Guid} (found by right-click'ing the app in the Launchpad and copying the link)

Identity Provider ID: https://{org}.my.authanvil.com/trust

Certificate uploaded and the fingerprint matches.

On the AAoD/Passly side I have:

Protocol Type: SAML SP-Init

Assertion Consumer Service URL: https://{CW_Domain}/v4_6_release/auth/{CompanyID}/Acs

Allow Multiple Audiences: Unchecked

Service Entity ID: https://{CW_Domain}/v4_6_release/auth/{CompanyID}/metadata

Identity Issuer: https://{org}.my.authanvil.com/trust

Token Lifetime: 60

Include All Audience URIs: Unchecked

Sign Token Response: Checked

Sign Assertion: Checked

Signing Algorithm: SHA-256

Fixed Relay State: <blank>

Attribute Transform: {User.EmailAddress} => mail

I have tried a lot of different combinations of settings on the Passly side trying to get this to work. Officially, both sides say they don't support the other, but I don't see why when CW works with Azure and Duo. Is the Passly side non-standard?

Anyone have any ideas that can help?

Thanks,

Justin

Verified Answer
All Replies
  • Fixed.

    Multiple Audiences: Checked

    Audience URI: https://{CW_Domain}/v4_6_release/auth/{CompanyID}/metadata

    Attribute Transform: {User.EmailAddress} => schemas.xmlsoap.org/.../nameidentifier

  • Thanks for sharing this. I have added it to the SSO Library and will also be adding it to the KB for Passly.

  • No problem. Sorry for the double post, not even sure how that happened and I don't see an option to delete a post.

    If it wasn't clear, my second post only includes the fields that changed from the first post to get it working.

  • I just checked the library and it is slightly different than what I actually got working. This is what you have:

    This is my working one:



    Fixed images.
    [edited by: jondle at 9:17 AM (GMT -8) on Nov 20, 2020]