Directory Integration Solution

Directory Integration allows organizations to connect with their exisiting directories and authenticate users in their cloud and on-premise applications. Active Directory(AD)/LDAP Integration is the most convenient when it comes to directory services, you can easily integrate your Active Directory in the miniOrange user stores. miniOrange Identity Management Features offers easy user provisioning and deprovisioning features for external directories (Active Directory(AD), ADFS, Azure AD, OpenLDAP, Google, AWS Cognito etc.).

FEATURES

Self Service Password Reset

When a user changes their password using miniOrange IdP, the password change gets synchronized with the Active Directory

Real-time Provisioning

User provisioning and deprovisioning can be done in real-time and the changes are directly reflected in the external directories

Integrated Windows Single Sign-On (IWA)

miniOrange IWA solution lets you Single Sign On into connected applications on Windows, given the applications are configured within the domain for SSO

We can connect with any External IDP/Directory

miniOrange provides user authentication from external directories like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc. It also provides user authentication with other IDPs like Shibboleth, PING, Okta, OneLogin, KeyCloak and many more.

Microsoft AD

Azure AD

miniOrange IDP

ADFS

Google

Shibboleth

PING

Okta

AWS Cognito

KeyCloak

One Login

Centrify

Can't find your IDP ? Contact us on idpsupport@xecurify.com. We'll help you set it up in no time.

BENEFITS

Easy Management

Using the miniOrange platform, the admin can add multiple Active directories and use them as a user store preventing need to manage directories in separate places

Centralized App Management

Administrators can automatically provision and administrate multiple application accounts from one centralized system

Enhanced Security

Improve security by assigning different permissions level on role based with automatic provisioning within apps

Faster Deployment

Each organization has a single domain on which shared account database solutions have to be deployed only once. This makes company-wide deployment faster.

Directory Integration

miniOrange provides user authentication from external directories like Active Directory, LDAP, OpenDS etc. We have simple and easy directory integration solutions for both cloud and on-premise applications. This on-demand integration service allows user authentication, user provisioning, de-provisioning and reporting of usages of application. An important part of this service is miniOrange's directory integration is easy to set up. In addition to this, miniOrange supports thousands of applications and provides a SSO mechanism for the users present in the integrated directory.

Active Directory Flow

Active Directory (AD) Integration flow diagram

Active Directory Workflow:

1. User sends the request to access the resource from application.

2. The Application sends an authentication request to miniOrange.

3. The miniOrange forwards the authentication request to Active Directory via miniOrange Gateway.

4. Active Directory sends the response to application through miniOrange. This response contains the user’s information as well as the authentication status, based on which the user is given access to the resource.

5. Upon successful authentication, the user is given access to the resource.

Pre-Configured Directories

AD/LDAP
AWS Cognito
ConnectWise
Database
API
Radius
miniOrange

Allow your users to authenticate against various LDAP implementations like Microsoft Active Directory, OpenLDAP, and other directory systems and provide a login to any of your applications using credentials stored in your LDAP Server.

Active Directory (AD/LDAP) Integration pre-configured directory

Connect with your AWS Cognito User Pool and Identity pool to provide authentication, authorization and user management for your web and mobile applications.

Directory Services Integration AWS Cognito pre-configured directory

Configure your ConnectWise CRM with miniOrange users to Single Sign On into your web and mobile applications.

Directory Services Integration ConnectWise pre-configured directory

Connect your existing My SQL, Microsoft SQL, Postgres SQL and other databases with miniOrange and allow your users to perform Single Sign-On without moving into miniOrange.

Directory Services Integration Database pre-configured directory

Authenticate with any HRM Portal or any application which support authentication via APIs.

Directory Services Integration API pre-configured directory

Provide user authentication and authorization by using RADIUS which verifies user's information (like username and password) by using various authentication schemes like PAP, CHAP, MS-CHAP, MS-CHAPv2 etc. and allows the request to access the system or service.

Directory Services Integration Radius pre-configured directory

miniOrange Identity Server will act as an Identity Provider that connects multiple service providers with existing user stores for authentication. If you want to connect with any other third party database/directory contact us for integration.

Directory Services Integration miniOrange pre-configured directory

To connect your application with Active directory, you need to perform these steps:

1. Connect your Active Directory to miniOrange.

2. Connect miniOrange to your application using miniOrange Broker Service.

1. How to connect an Active Directory to your application using miniOrange ?

Click here and login with your miniOrange account.
Navigate to User Stores menu option and click on Add User Store button.

Active Directory (AD/LDAP) Integration navigate click on user store button

Navigate to AD/LDAP tab and choose either of the following two options:

STORE LDAP CONFIGURATION IN MINIORANGE: Choose this option if you want to keep your configuration in miniOrange. If active directory is behind a firewall, you will need to open the firewall to allow incoming requests to your AD.
STORE LDAP CONFIGURATION ON PREMISE: Choose this option if you want to keep your configuration in your premise and only allow access to AD inside premises. You will have to download and install miniOrange gateway in your premise.

Now, provide the following values:

Directory Type:	Active Directory.
LDAP Server URL:	Select an appropriate prefiller followed by your AD server URL or IP address
Bind Account DN:	UserPrincipalName/distinguishedName of the account eligible for binding operation.
Bind Account Password:	Password for the account used for binding
Search Bases:	Provide distinguished name of the Search Base object Eg:cn=User,dc=domain,dc=com
Search Filter:	Search filters enable you to define search criteria and provide a more efficient and effective searches. Eg: "(&(objectClass=*)(cn=?))"

Select Active Directory from the Directory Drop Down. On basis of your selection all the attributes related to active directory are automatically mapped in the configuration.

Active Directory (AD/LDAP) Integration active directory/ldap attributes

Go to AD FS-> Domain-> respective Users -> Properties-> Attribute Editor. Now copy the value of distinguishedName and paste it against Bind Account DN.

Active Directory (AD/LDAP) enter Bind Account DN

Enter the valid password for the user from above step.
Search Base is a user search location. It means where to search for a user.

Active Directory (AD/LDAP) Integration search base

If you want to add extra conditions on user search you can add it in Search Filter. Select a suitable Search Filter from the Drop-Down. To use custom Search Filter select "Custom Search Filter" option and provide the search filter in the input field that shows up.

Active Directory (AD/LDAP) Integration search filter

Enable sync users in miniOrange option if you want on-the-fly user creation of LDAP server users in miniOrange once they authenticate via ldap credentials successfully in the login flow while you are using miniOrange as IDP.

Active Directory (AD/LDAP) Integration AD/LDAP attributes

Click on Save. After this, it will show you the list of User stores. Click on Test Configuration to check whether you have enter valid details. For that, it will ask for username and password.

Active Directory (AD/LDAP) Integration test ldap connection

On Successful connection with LDAP Server, a success message is shown.

Active Directory (AD/LDAP) Integration ldap connection successful

Click on Test Attribute Mapping.

Active Directory (AD/LDAP) Integration test ldap attributes

Enter a valid Username. Then, click on Test. Mapped Attributes corresponding to the user are fetched.

Active Directory (AD/LDAP) Integration test mapped AD/LDAP attributes

2. How to connect miniorange to your application using miniOrange broker service.

Step 1: Configure Single Sign On Settings in miniOrange

From miniOrange admin dashboard, navigate to Apps >> Manage Apps >> Configure Apps. Search for G-Suite in SAML section. Select G-Suite.

Enter the SP Entity ID as google.com, ACS URL as https://www.google.com/a/<your_domain>/acs.
Select the E-Mail Address from the Name ID dropdown and you can also add additional attributes using add attribute option.

Directory Services Integration configure g-suite app

Go to Add Policy section, select DEFAULT from the Group Name dropdown. Enter G-Suite in the Policy Name field.
Select PASSWORD from the First Factor Type dropdown and Click on Save to configure G-Suite.

Directory Services Integration save g-suite app policy

Click on Metadata link to download the metadata which will be required later. Click on Link to see the IDP initiated SSO link for G-Suite.

Directory Services Integration g-suite sso metadata link

Keep SAML Login URL value and click on Download Certificate to download the certificate which you will require in Step 2.

Directory Services Integration g-suite metadata information

Step 2: Configure G-Suite Settings for miniOrange

Login to your G-Suite domain as the Account Administrator.
Click the Security Icon.
Note:If the Security icon is not visible, click More Controls at the bottom of the panel and drag the Security icon into the Admin Console dashboard.

Directory Services Integration click the security icon

On the Security menu, select Set up single sign-on (SSO).

Directory Services Integration select setup sso

Enter the followind details as shown:

Directory Services Integration enter following details

Sign-in page URL	Enter the SAML Login URL value that you got from Step 1.
Sign-out page URL	https://<your-subdomain>.xecurify.com/moas/idp/oidc/logout?post_logout_redirect_uri=https://gmail.com
Change Password URL	https://<your_domain>.xecurify.com/moas/enduserpasswordchange
Verification Certificate	Upload the downloaded certificate.

Check Setup SSO with third party identity provider option and click on SAVE.

Step 3: Verify your SSO Settings

Go to your G-Suite account and enter your login credentails.
You will be redirected to miniOrange login page. Here, enter your active directory credentials and you will be logged in into your G-Suite account.

For Further Details Refer:

Google Apps Directory Integration
AWS Cognito As Directory

Directory Services