miniOrange Product API Guides

• Single Sign on API  Learn more

  miniOrange supports both IdP (Identity Provider) and SP (Service Provider) initiated Single Sign On (SSO)

  • IdP Initiated Single Sign On (SSO)

    In IdP Initiated Login, SAML request is initiated from miniOrange IdP.

  • Enduser first authenticates through miniOrange Idp by login in to miniOrange Self Service Console.
  • On landing page, you can select any app icon viz. Google Apps, Salesforce etc., when you click on this icon, you will be redirected to your app account – there is no need to login again.

  • SP Initiated Single Sign On (SSO)

    In SP Initiated Login, SAML request is initiated by Salesforce.

  • An enduser can login to any app and enter the login credentials there.
  • After clicking on Sign in button, you will be redirected to miniOrange Self Service Console.
  • Here you can enter the login credentials and login to your app account.

• Strong Authentication API  Learn more

  
  

  miniOrange Strong Authentication Service provides various types of authentication methods which can be easily configured and used for authentications.

  Methods	Description
  OTP over SMS	A 6-8 digit OTP is sent on user’s mobile which he then enters to validate himself.
  OTP over EMAIL	A 6-8 digit OTP is sent on user’s email which he then enters to validate himself.
  Out-of-Band SMS	An SMS is sent on user’s mobile containing links to Accept or Deny the transaction.
  Out-of-Band EMAIL	An EMAIL is sent on user’s registered email, containing links to Accept or Deny the transaction.
  KBA (Security Questions)	User is asked to answer some questions which he had configured.
  Soft Token *	User is asked to enter the 6 digit code generated on his mobile by our i’m me mobile app.
  Hardware Token **	User needs to plug in his hardware token to validate himself.
  Push Notification *	User receives a push notification on his mobile to Accept or Deny the transaction.
  Mobile Authentication *	User needs to scan a QR code from our i’m me mobile app to validate himself.
  Voice Authentication *	User needs to validate himself through his voice.
  Phone Verification *	In this method, user receives a voice call telling a 4-8 digit numeric key which he needs to enter to authenticate himself.

  * These authentication methods require miniOrange i’m me mobile app available for Android and Apple smartphones.
  ** This method require hardware token provided by miniOrange.

• Fraud Prevention API  Learn more

  miniOrange Fraud Prevention product dynamically analyzes user requests and apply business security policies to application access which minimizes the risks of unauthorized access.

  miniOrange Fraud Prevention complements the existing traditional access controls by using contextual elements (e.g. device, location, time of access and user behavior) to allow for a more dynamic policy decision.

  • Device
    

    Device ID also known as Device Authentication, Device Fingerprinting, Device Identification can provide valuable data on identity morphing, authentication and repeat fraud. We can take a digital fingerprint for your device (laptop, desktop, mobile phone - android or iPhone,browser) which is unique and act as something you have. We then compare it with the fingerprint of the device that you registered with us earlier and let you carry on your transaction only if they match.

  • Location
    

    miniOrange can only allow users coming in from a particular location to authenticate. Users from any other location are denied or challenged(KBA/OTP over alternate email) for login.

  • Behavior
    

    miniOrange incorporates comprehensive details about user identities and behavior—such as usernames, passwords, email address, associated devices, and more into a dynamic Persona ID. User behavior is used as a factor of authentication.

  • Time Of Access
    

    miniOrange can also only allow user to authenticate in between a particular start and end time, which reduces risk of unauthorized access.

• OpenID Connect API  Learn more

  miniOrange OpenID Connect provider

  OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

  OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, discovery of OpenID Providers, and session management, when it makes sense for them.

  Add "Sign-in with miniOrange" to your website or app.

  Add "Sign-in with miniOrange" button for your website or app, with the help of our sign-in client library that is built on the OpenID Connect protocols. You can use miniOrange Sign-in to get OpenID Connect formatted ID tokens, and access tokens for further interaction with miniOrange APIs or authenticating user in your application.