Connectwise Manage supports the use of SAML support for accessing this application.
The following will be used during this configuration.
- https://(companyname).my.passly.com Please update (CompanyName) to reflect your actual Passly tenant.
- https://{CW_Domain} Please update {CW_Domain} this to reflect your actual Connectwise Manage server.
Passly Settings
- Access your Passly Tenant via https://(companyname).my.passly.com
-
- Select Groups.
Select the Blue plus sign in the bottom right corner.
Name the Group Connectwise Manage Users
Note: If you have other existing Groups for SSO users you can use one of these as well. - Select ADD GROUP.
- Select SSO Manager > Application Library.
- Select the Blue plus sign to add a new application.
- Select the Catalogue icon.
- Select Custom Application.
- Select Application is enabled.
- Name the Application: Connectwise Manage
- Select your preferred Authentication Policy, the "Default" will list unless changed.
- Select Protocol Setup and enter the following.
Protocol Type: SAML SP-Init
Assertion Consumer Service URL: https://{CW_Domain}/v4_6_release/auth/{CompanyID}/Acs
Allow Multiple Audiences: Unchecked
Service Entity ID: https://{CW_Domain}/v4_6_release/auth/{CompanyID}/metadata
Identity Issuer: https://(companyname).my.passly.com/trust
Multiple Audiences: Checked
Sign Token Response: Checked
Sign Assertion: Checked
Signing Algorithm: SHA-256
Fixed Relay State: <blank> - Select Attribute Transformation.
Audience URI: https://{CW_Domain}/v4_6_release/auth/{CompanyID}/metadata
Attribute Value: {User.EmailAddress}
Send As http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier - Select Add Application
- Select Permissions.
Choose the Group created in Step 3. - Select Signing and Encryption.
- Select Download.
Note: You will need to save this to your local machine. This certificate will be uploaded into CW Manage. Once uploaded there is no need to save a copy of this certificate. - Select Save Changes.
Connectwise Manage settings
- Log into Connectwise Manage.
- Login URL: https://(companyname).my.passly.com /trust/launch?ApplicationId={App_Guid} (found by right-clicking the app in the Launchpad and copying the link)
- Identity Provider ID: https://(companyname).my.passly.com/trust
- Upload the Certificate and ensure the fingerprint matches.