Directory Services

Self Service Password Reset

When a user changes their password using miniOrange IdP, the password change gets synchronized with the Active Directory

Real-time Provisioning

User provisioning and deprovisioning can be done in real-time and the changes are directly reflected in the external directories

Integrated Windows Single Sign-On (IWA)

miniOrange IWA solution lets you Single Sign On into connected applications on Windows, given the applications are configured within the domain for SSO

We can connect with any External Directory

miniOrange provides user authentication from external directories like Microsoft Active Directory, Azure AD, OpenLDAP, Crowd, Google, AWS Cognito. User gets created automatically in miniOrange directory services during authentication. Groups are assigned to users based on their profile attribute values. Users can be imported at specified intervals of time using the Scheduled Sync feature.

Microsoft Active Directory

Azure AD

directory services aws cognito as external directory

OpenLDAP

Crowd

Google

AWS Cognito

BENEFITS

Easy Management

Using the miniOrange platform, the admin can add multiple Active directories and use them as a user store preventing need to manage directories in separate places

Centralized App Management

Administrators can automatically provision and administrate multiple application accounts from one centralized system

Enhanced Security

Improve security by assigning different permissions level on role based with automatic provisioning within apps

Faster Deployment

Each organization has a single domain on which shared account database solutions have to be deployed only once. This makes company-wide deployment faster.

Directory Integration

miniOrange provides user authentication from external directories like Active Directory, LDAP, OpenDS etc. We have simple and easy directory integration solutions for both cloud and on-premise applications. This on-demand integration service allows user authentication, user provisioning, de-provisioning and reporting of usages of application. An important part of this service is miniOrange's directory integration is easy to set up. In addition to this, miniOrange supports thousands of applications and provides a SSO mechanism for the users present in the integrated directory.

Active Directory Flow

Active Directory Workflow:

1. User sends the request to access the resource from application.

2. The Application sends an authentication request to miniOrange.

3. The miniOrange forwards the authentication request to Active Directory via miniOrange Gateway.

4. Active Directory sends the response to application through miniOrange. This response contains the user’s information as well as the authentication status, based on which the user is given access to the resource.

5. Upon successful authentication, the user is given access to the resource.

Pre-Configured Directories

AD/LDAP
AWS Cognito
ConnectWise
Database
API
Radius
miniOrange

Allow your users to authenticate against various LDAP implementations like Microsoft Active Directory, OpenLDAP, and other directory systems and provide a login to any of your applications using credentials stored in your LDAP Server.

directory services AD/LDAP pre-configured directory

Connect with your AWS Cognito User Pool and Identity pool to provide authentication, authorization and user management for your web and mobile applications.

directory services AWS Cognito pre-configured directory

Configure your ConnectWise CRM with miniOrange users to Single Sign On into your web and mobile applications.

directory services ConnectWise pre-configured directory

Connect your existing My SQL, Microsoft SQL, Postgres SQL and other databases with miniOrange and allow your users to perform Single Sign-On without moving into miniOrange.

directory services Database pre-configured directory

Authenticate with any HRM Portal or any application which support authentication via APIs.

directory services API pre-configured directory

Provide user authentication and authorization by using RADIUS which verifies user's information (like username and password) by using various authentication schemes like PAP, CHAP, MS-CHAP, MS-CHAPv2 etc. and allows the request to access the system or service.

directory services Radius pre-configured directory

miniOrange Identity Server will act as an Identity Provider that connects multiple service providers with existing user stores for authentication. If you want to connect with any other third party database/directory contact us for integration.

directory services miniOrange pre-configured directory

To connect your application with Active directory, you need to perform these steps:

1. Connect your Active Directory to miniOrange.

2. Connect miniOrange to your application using miniOrange Broker Service.

1. How to connect an Active Directory to your application using miniOrange ?

Click here and login with your miniOrange account.
Navigate to User Stores menu option and click on Add User Store button.

directory services navigate click on user store button

Navigate to AD/LDAP tab and choose either of the following two options:

STORE LDAP CONFIGURATION IN MINIORANGE: Choose this option if you want to keep your configuration in miniOrange. If active directory is behind a firewall, you will need to open the firewall to allow incoming requests to your AD.
STORE LDAP CONFIGURATION ON PREMISE: Choose this option if you want to keep your configuration in your premise and only allow access to AD inside premises. You will have to download and install miniOrange gateway in your premise.

Now, provide the following values:

Directory Type:	Active Directory.
LDAP Server URL:	Select an appropriate prefiller followed by your AD server URL or IP address
Bind Account DN:	UserPrincipalName/distinguishedName of the account eligible for binding operation.
Bind Account Password:	Password for the account used for binding
Search Bases:	Provide distinguished name of the Search Base object Eg:cn=User,dc=domain,dc=com
Search Filter:	Search filters enable you to define search criteria and provide a more efficient and effective searches. Eg: "(&(objectClass=*)(cn=?))"

Select Active Directory from the Directory Drop Down. On basis of your selection all the attributes related to active directory are automatically mapped in the configuration.

directory services AD/LDAP active directory attributes

Go to AD FS-> Domain-> respective Users -> Properties-> Attribute Editor. Now copy the value of distinguishedName and paste it against Bind Account DN.

directory services copy value of distinguishedName and paste it against Bind Account DN

Enter the valid password for the user from above step.
Search Base is a user search location. It means where to search for a user.

If you want to add extra conditions on user search you can add it in Search Filter. Select a suitable Search Filter from the Drop-Down. To use custom Search Filter select "Custom Search Filter" option and provide the search filter in the input field that shows up.

directory services add extra conditions on user search

Click on Save. After this, it will show you the list of User stores. Click on Test Configuration to check whether you have enter valid details. For that, it will ask for username and password.

On Successful connection with LDAP Server, a success message is shown.

Click on Test Attribute Mapping.

directory services AD/LDAP active directory test attributes

Enter a valid Username. Then, click on Test. Mapped Attributes corresponding to the user are fetched.

2. How to connect miniorange to your application using miniOrange broker service.

Step 1: Configure Single Sign On Settings in miniOrange

From miniOrange admin dashboard, navigate to Apps >> Manage Apps >> Configure Apps. Search for G-Suite in SAML section. Select G-Suite.

Enter the SP Entity ID as google.com, ACS URL as https://www.google.com/a/<your_domain>/acs.
Select the E-Mail Address from the Name ID dropdown and you can also add additional attributes using add attribute option.

directory services g-suite app select email address from the nameid dropdown

Go to Add Policy section, select DEFAULT from the Group Name dropdown. Enter G-Suite in the Policy Name field.
Select PASSWORD from the First Factor Type dropdown and Click on Save to configure G-Suite.

directory services g-suite save g-suite configuration

Click on Metadata link to download the metadata which will be required later. Click on Link to see the IDP initiated SSO link for G-Suite.

directory services g-suite sso metadata link

Keep SAML Login URL value and click on Download Certificate to download the certificate which you will require in Step 2.

directory services g-suite metadata information

Step 2: Configure G-Suite Settings for miniOrange

Login to your G-Suite domain as the Account Administrator.
Click the Security Icon.
Note:If the Security icon is not visible, click More Controls at the bottom of the panel and drag the Security icon into the Admin Console dashboard.

directory services click the security icon

On the Security menu, select Set up single sign-on (SSO).

Enter the followind details as shown:

directory services enter following details

Sign-in page URL	Enter the SAML Login URL value that you got from Step 1.
Sign-out page URL	https://<your-subdomain>.xecurify.com/moas/idp/oidc/logout?post_logout_redirect_uri=https://gmail.com
Change Password URL	https://<your_domain>.xecurify.com/moas/enduserpasswordchange
Verification Certificate	Upload the downloaded certificate.

Check Setup SSO with third party identity provider option and click on SAVE.

Step 3: Verify your SSO Settings

Go to your G-Suite account and enter your login credentails.
You will be redirected to miniOrange login page. Here, enter your active directory credentials and you will be logged in into your G-Suite account.

For Further Details Refer:

Google Apps Directory Integration
AWS Cognito As Directory

FEATURES

Single Sign On For Directory Authenticated Apps

Just In Time User Provisioning

Auto-assign Groups