Note : The information contained on this page does not create a joint venture, partnership, agency or other form of association, or an express or implied license grant by either party to the other under any patent, trademark, copyright, trade secret or other intellectual property right.
miniOrange provides secure access to Google Apps for enterprises and full control over access of Google Apps application, Single Sign On (SSO) into your Google Apps Account with one set of login credentials. miniOrange prevents frauds with its dynamic risk engine in conjunction with enterprise specific security policy. We support a combination of the Device Id, Location and Time of access as multi-factor authentication that can detect and block fraud in real-time, without any interaction with the user. Now you can restrict use of Google Apps only within intranet and block user access from outside network.
miniOrange allow you to restrict use of Google Apps only within intranet ( office premises ) and blocks user access from outside network. Also you can keep access open for some users from outside network by creating different group for them.
Login to your applications with Google Apps as IdP. Check out the step-by-step guides to configure Google Apps as IdP for Single Sign On to WordPress or Canvas LMS.
Step 1: Configure Single Sign On (SSO) Settings for Google Apps
Step 2: Steps to restrict access of Google Apps outside office premises (IP Based restriction)
Step 3: Setup Single Sign On for your domain in Google Apps
Step 4: Now sign in to your Google Apps account with miniOrange IdP by either of the two steps:
1. Using SP initiated login :-
2. Using IdP initiated login :-
STEP 1: Configure Wordpress site as SAML Service Provider in Google Apps
ACS URL | ACS (AssertionConsumerService) URL from Step1 of the plugin under How to Setup SP in Google Apps Tab. |
Entity ID | SP-EntityID / Issuer from Step1 of the plugin under How to Setup SP in Google Apps Tab. |
Signed Response | Checked |
Name ID | Select Basic Information from the first dropdown. Then Primary Email from the second dropdown. |
STEP 2: Configuring Google Apps as Identity Provider in Wordpress Login with Google Apps plugin
Identity provider Name: | GoogleApps |
SAML Login URL | The SSO URL that you noted down while configuring the Wordpress site in Google Apps. |
IdP Entity ID or Issuer | The Entity ID that you noted down while configuring the Wordpress site in Google Apps. |
X.509 Certificate | Open the downloaded certificate in the Notepad. Copy paste the entire content of the file here. |
Response Signed | Checked |
Assertion Signed | UnChecked |
STEP 1: Identify your primary Identity source and configure it in miniOrange.
ACS Url | https://login.xecurify.com/moas/broker/login/saml/acs/<YOUR_CUSTOMER_KEY> |
SP Entity ID | https://login.xecurify.com/moas/ |
Step 2: Configure Single Sign On (SSO) Settings for Canvas LMS
Step 3: Configure Single Sign On (SSO) SAML Settings in Canvas LMS
IdP Entity ID | https://login.xecurify.com/moas |
Log On URL | https://login.xecurify.com/moas/broker/login/saml/acs/<YOUR_CUSTOMER_KEY> |
Certificate Fingerprint | Follow the steps below to copy the Thumbprint of certificate. |
Login Attribute | NameID |
Identifier Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
Authentication Context | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport |
A new work law in some countries impose restrictions on the working hours of an employee. If a worker receives such an e-mail and has to act on it, he or she qualifies for overtime pay. In such scenario, companies can restrict access by turning off email servers physically and stop the flow of incoming messages, which is indeed not a good solution. Companies need to refrain group of employees from checking inbox after office hours.
miniOrange Google apps security along with fraud prevention dynamically analyses users request and applies time based restrictions policies to application (Google apps) access, which minimizes the risk of access after office hours. Also if user is already logged in into Google apps, miniOrange automatically logs out all the users after office hours which is configured by administrator.
Time based restrictions can be set up by configuring a policy so that employees won’t access any email after office hours. A time slot can be set up in time restriction field in which cloud application can be accessed. A report stating access deniel is received if employee tries to access the application outside the declared time slot. Time based restrictions can be set up by configuring Risk Based Access / Adaptive Authentication policy. Forced logout option has to be set up necessarily in order to set time restriction.
"Time Restrictions highly matter when business remuneration outflow is governed by employee working hours"
The restrictions which can be set by setting up policy during configuration of Google apps single sign-on are discussed below.
Google apps is set up for Single Sign On and access of Google apps outside office premise can be restricted by using IP based restriction. IP restriction restricts access within a network which minimizes the risk of unauthorized access. Access can be kept open for some users from outside network by creating different group for them.
Device restriction policy sets limit on number of devices from which user can access the account. This ensures that user can login only from his or her device and no one else can login to users account even if he or she knows the credentials.
With location based restriction user can setup policy to configure list of allowed locations and blocked locations. This will be needed in a case where you want to restrict your application access to specific locations and removing risk of attacks by blocking all other locations.
For further details refer :
https://developers.google.com/google-apps/sso/saml_reference_implementation
https://support.google.com/a/answer/60224?hl=en
miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.
Try Nowminiorange provides most affordable Secure Identity Solutions for all type of use cases and offers different packages based on customer's requirement.
Request A QuoteWe offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -
+1 978 658 9387 (US) , +91 77966 99612 (India) | info@xecurify.com