In IdP Initiated Login, SAML request is initiated from miniOrange IdP.
In SP Initiated Login, SAML request is initiated by Salesforce.
miniOrange Strong Authentication Service provides various types of authentication methods which can be easily configured and used for authentications.
| Methods | Description |
|---|---|
| OTP over SMS | A 6-8 digit OTP is sent on user’s mobile which he then enters to validate himself. |
| OTP over EMAIL | A 6-8 digit OTP is sent on user’s email which he then enters to validate himself. |
| Out-of-Band SMS | An SMS is sent on user’s mobile containing links to Accept or Deny the transaction. |
| Out-of-Band EMAIL | An EMAIL is sent on user’s registered email, containing links to Accept or Deny the transaction. |
| KBA (Security Questions) | User is asked to answer some questions which he had configured. |
| Soft Token * | User is asked to enter the 6 digit code generated on his mobile by our i’m me mobile app. |
| Hardware Token ** | User needs to plug in his hardware token to validate himself. |
| Push Notification * | User receives a push notification on his mobile to Accept or Deny the transaction. |
| Mobile Authentication * | User needs to scan a QR code from our i’m me mobile app to validate himself. |
| Voice Authentication * | User needs to validate himself through his voice. |
| Phone Verification * | In this method, user receives a voice call telling a 4-8 digit numeric key which he needs to enter to authenticate himself. |
miniOrange Fraud Prevention product dynamically analyzes user requests and apply business security policies to application access which minimizes the risks of unauthorized access.
miniOrange Fraud Prevention complements the existing traditional access controls by using contextual elements (e.g. device, location, time of access and user behavior) to allow for a more dynamic policy decision.
Device ID also known as Device Authentication, Device Fingerprinting, Device Identification can provide valuable data on identity morphing, authentication and repeat fraud. We can take a digital fingerprint for your device (laptop, desktop, mobile phone - android or iPhone,browser) which is unique and act as something you have. We then compare it with the fingerprint of the device that you registered with us earlier and let you carry on your transaction only if they match.
miniOrange can only allow users coming in from a particular location to authenticate. Users from any other location are denied or challenged(KBA/OTP over alternate email) for login.
miniOrange incorporates comprehensive details about user identities and behavior—such as usernames, passwords, email address, associated devices, and more into a dynamic Persona ID. User behavior is used as a factor of authentication.
miniOrange can also only allow user to authenticate in between a particular start and end time, which reduces risk of unauthorized access.
miniOrange OpenID Connect provider
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, discovery of OpenID Providers, and session management, when it makes sense for them.
Add "Sign-in with miniOrange" to your website or app.
Add "Sign-in with miniOrange" button for your website or app, with the help of our sign-in client library that is built on the OpenID Connect protocols. You can use miniOrange Sign-in to get OpenID Connect formatted ID tokens, and access tokens for further interaction with miniOrange APIs or authenticating user in your application.