Has anyone gotten AAoD/Passly's SSO to work with ConnectWise Manage? They both support SAML 2, so this should work, but I'm really struggling.
On the CW side, I have:
Login URL: https://{org}.my.passly.com/trust/launch?ApplicationId={App_Guid} (found by right-clicking the app in the Launchpad and copying the link)
Identity Provider ID: https://{org}.my.authanvil.com/trust
Certificate uploaded and the fingerprint matches.
On the AAoD/Passly side I have:
Protocol Type: SAML SP-Init
Assertion Consumer Service URL: https://{CW_Domain}/v4_6_release/auth/{CompanyID}/Acs
Allow Multiple Audiences: Unchecked
Service Entity ID: https://{CW_Domain}/v4_6_release/auth/{CompanyID}/metadata
Identity Issuer: https://{org}.my.authanvil.com/trust
Token Lifetime: 60
Include All Audience URIs: Unchecked
Sign Token Response: Checked
Sign Assertion: Checked
Signing Algorithm: SHA-256
Fixed Relay State: <blank>
Attribute Transform: {User.EmailAddress} => mail
I have tried a lot of different combinations of settings on the Passly side trying to get this to work. Officially, both sides say they don't support the other, but I don't see why when CW works with Azure and Duo. Is the Passly side non-standard?
Anyone have any ideas that can help?
Thanks,
Justin
Fixed.
Multiple Audiences: Checked
Audience URI: https://{CW_Domain}/v4_6_release/auth/{CompanyID}/metadata
Attribute Transform: {User.EmailAddress} => schemas.xmlsoap.org/.../nameidentifier
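An added example, not part of the thread or either vendor's code: a small Python checker for the two things that changed between the first and second post, the Audience value and the name identifier in the assertion. It assumes the service provider compares Audience with its Service Entity ID and reads the user from the Subject NameID (the thread does not say which check was failing); cw.example.com, ACME, example.my.authanvil.com and the sample responses are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed placeholders standing in for {CW_Domain}, {CompanyID} and {org}.
SP_ENTITY_ID = "https://cw.example.com/v4_6_release/auth/ACME/metadata"
IDP_ISSUER = "https://example.my.authanvil.com/trust"

def build_sample(audience, name_id):
    """Constructed, unsigned SAML Response used only as offline sample input."""
    aud = ("<saml:AudienceRestriction><saml:Audience>" + audience +
           "</saml:Audience></saml:AudienceRestriction>") if audience else ""
    nid = f"<saml:NameID>{name_id}</saml:NameID>" if name_id else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f"<saml:Assertion><saml:Issuer>{IDP_ISSUER}</saml:Issuer>"
            f"<saml:Subject>{nid}</saml:Subject><saml:Conditions>{aud}</saml:Conditions>"
            '<saml:AttributeStatement><saml:Attribute Name="mail">'
            "<saml:AttributeValue>user@example.com</saml:AttributeValue>"
            "</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>")

def inspect_assertion(response):
    """Return issuer, NameID, audiences and attribute names; no signature check."""
    if not response.lstrip().startswith("<"):  # base64 SAMLResponse form value
        response = base64.b64decode(response).decode("utf-8")
    # ElementTree is fine for your own IdP's output; use defusedxml for untrusted XML.
    assertion = ET.fromstring(response).find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (encrypted or missing)")
    text = lambda p: (assertion.findtext(p, default="", namespaces=NS) or "").strip()
    return {"issuer": text("saml:Issuer"),
            "name_id": text("saml:Subject/saml:NameID"),
            "audiences": [e.text.strip() for e in assertion.iterfind(".//saml:Audience", NS) if e.text],
            "attributes": [e.get("Name") for e in assertion.iterfind(".//saml:Attribute", NS)]}

def diagnose(info, sp_entity_id=SP_ENTITY_ID, idp_issuer=IDP_ISSUER):
    """List mismatches between the assertion and what the SP is assumed to expect."""
    problems = []
    if info["issuer"] != idp_issuer:
        problems.append("issuer mismatch")
    if sp_entity_id not in info["audiences"]:
        problems.append("SP entity ID missing from Audience")
    if not info["name_id"]:
        problems.append("no NameID in Subject")
    return problems

if __name__ == "__main__":
    for xml in (build_sample(None, None), build_sample(SP_ENTITY_ID, "user@example.com")):
        print(diagnose(inspect_assertion(xml)))
```

To check a real login, pass the base64 SAMLResponse form value captured from the browser's POST to the Assertion Consumer Service URL into inspect_assertion and compare the output with the SP settings.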
Thanks for sharing this. I have added it to the SSO Library and will also be adding it to the KB for Passly.
No problem. Sorry for the double post, not even sure how that happened and I don't see an option to delete a post.
If it wasn't clear, my second post only includes the fields that changed from the first post to get it working.
jeremy.malin I just checked the library and it is slightly different than what I actually got working. This is what you have:
This is my working one: