miniOrange provides the facility to host identities in a private directory which can be provisioned as per requirement. Once a directory is provisioned, user management (user provisioning, user de-provisioning, password management, access levels) is done from the directory. Connections between the directory and third-party applications are provided through various connectors.
miniOrange Directory Services can be used by both cloud services and on-premise services for authentication. Using miniOrange, any SAML-enabled cloud service can authenticate using identities stored in Directory Services. The cloud service has the role of the Service Provider (SP), Directory Services is the Identity Store, and miniOrange acts as the Identity Provider (IdP) connecting Directory Services and the cloud service, providing authentication and management. Any on-premise service which supports LDAP authentication can also authenticate using identities stored in Directory Services.
Here we show an example of how to configure a cloud service, Google Apps, to authenticate using identities in Directory Services.
Step 1: Configure Single Sign On (SSO) Settings for Google Apps
- Refer to this guide to configure Single Sign On (SSO) for Google Apps.
Step 2: Add a Directory
- Go to the Directory Services tab from the menu and click on Add Directory.
- Enter the Directory Identifier, e.g. ldap.
- Enter the Organization Name. Make sure it is not appended with .com or .net at the end, e.g. miniOrange.
- Enter the Administrator Password and Confirm Administrator Password for the directory being created.
- Click on Add Directory.
- This adds a directory and also creates an Identity Source, which can be seen from the Identity Sources tab in the menu.
Step 3: Setup Provisioning for Directory
- Go to the Users/Groups > User Provisioning tab from the menu and click on Add Directory.
- Select the application Active Directory from the drop-down menu.
- Check/uncheck the Provisioning Features according to the functions that have to be provisioned to miniOrange. Ideally, keep all options checked.
- Click on Save.
Step 4: Test Authentication from Directory
- Go to the Identity Sources tab from the menu.
- Click on Test Configuration.
- Enter a username and password to test.
- On a successful test, click on Edit.
- Turn on Activate LDAP and click Save.
- In a new browser, go to Google Mail using a URL in the format mail.company.com.
- The page will be redirected to the miniOrange login. Enter the LDAP credentials to log in.
- This logs in to Google Mail using the LDAP credentials.
Here we show an example of how to configure an on-premise service, OpenVPN, to authenticate using identities in Directory Services.
Step 1: Add Directory
Step 2: Configure Directory in OpenVPN
- Go to the Directory Services tab from the menu.
- Click on Information against the added directory.
- In a new tab, open the OpenVPN admin configuration.
- Go to LDAP under Authentication in the menu.
- Configure LDAP authentication using the directory details shown in miniOrange.
- Set the Primary Server to the LDAP Server URL without the ldap:// prefix and the port.
- Set the Bind DN to the Service Account DN.
- Set the Password to the Service Account Password.
- Set the Base DN for User Entries to the Search Base.
- Set the Username Attribute to mail and click on Save Settings.
Step 3: Test Authentication from Directory
- Open OpenVPN Connect.
- Enter the hostname of the server and click on Continue.
- Enter the LDAP credentials as the Username and Password and click on Connect.
- The VPN connection will be established using the LDAP credentials.
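The mapping in Step 2 (Primary Server from the LDAP Server URL without scheme and port, Bind DN, Password, Base DN, Username Attribute = mail) and the login check in Step 3 can be reproduced outside the OpenVPN admin UI, which is useful when a connection test fails and you want to see which step breaks. The script below is an added example and is not miniOrange's or OpenVPN's own code. It derives the OpenVPN LDAP fields from the directory details, builds the `(mail=...)` lookup filter with RFC 4515 escaping so that a username cannot alter the filter, and performs the same search-then-bind sequence an LDAP-authenticating service runs at login. The LDAP URL, DNs and password in the test are constructed placeholders, and the `authenticate` function assumes the third-party `ldap3` library is installed; it is imported lazily so the offline helpers work without it.

```python
"""Added example: derive OpenVPN LDAP settings from miniOrange directory
details and run the search-then-bind check a login performs.
Not part of the miniOrange or OpenVPN products."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class OpenVpnLdapSettings:
    primary_server: str       # host only: no ldap:// prefix, no port
    bind_dn: str              # miniOrange "Service Account DN"
    bind_password: str        # miniOrange "Service Account Password"
    user_base_dn: str         # miniOrange "Search Base"
    username_attribute: str   # "mail", as the guide instructs
    use_tls: bool             # True when the directory URL is ldaps://
    port: int


def settings_from_directory_info(ldap_url, service_account_dn,
                                 service_account_password, search_base):
    """Map the miniOrange directory details onto OpenVPN's LDAP fields.

    The Primary Server is the LDAP Server URL without scheme and port, so the
    URL is split and only its hostname is kept; the port is remembered
    separately because the bind check below still needs it.
    """
    parts = urlsplit(ldap_url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("not an LDAP URL: %r" % ldap_url)
    use_tls = parts.scheme == "ldaps"
    port = parts.port or (636 if use_tls else 389)
    return OpenVpnLdapSettings(
        primary_server=parts.hostname,
        bind_dn=service_account_dn,
        bind_password=service_account_password,
        user_base_dn=search_base,
        username_attribute="mail",
        use_tls=use_tls,
        port=port,
    )


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter.

    Without it a username such as '*' or 'x)(mail=*' would change the
    meaning of the (mail=...) filter used to look the user up.
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def user_search_filter(settings, username):
    """Filter that finds the entry whose Username Attribute equals username."""
    return "(%s=%s)" % (settings.username_attribute,
                        escape_filter_value(username))


def authenticate(settings, username, password):
    """Search-then-bind: look the user up with the service account, then
    bind as the user with the supplied password.

    Assumes the ldap3 library is installed (assumption; imported lazily).
    Returns the user's DN on success, None otherwise. An empty password is
    rejected up front because many servers treat it as an anonymous bind,
    which would otherwise count as a successful login.
    """
    if not password:
        return None
    import ldap3  # third-party; not needed for the offline helpers above
    server = ldap3.Server(settings.primary_server, port=settings.port,
                          use_ssl=settings.use_tls, get_info=ldap3.NONE)
    # 1. bind as the service account and find exactly one matching entry
    with ldap3.Connection(server, user=settings.bind_dn,
                          password=settings.bind_password,
                          auto_bind=True) as svc:
        svc.search(settings.user_base_dn,
                   user_search_filter(settings, username),
                   search_scope=ldap3.SUBTREE, attributes=["mail"])
        if len(svc.entries) != 1:
            return None
        user_dn = svc.entries[0].entry_dn
    # 2. bind as the user; the server verifies the password
    user_conn = ldap3.Connection(server, user=user_dn, password=password)
    try:
        return user_dn if user_conn.bind() else None
    finally:
        user_conn.unbind()
```

If `settings_from_directory_info` succeeds but `authenticate` returns `None`, the first thing to check is whether the service-account bind or the user search failed (step 1) or only the user's own bind failed (step 2); the former points at the Bind DN, Password or Base DN values copied from miniOrange, the latter at the user's credentials.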