miniOrange supports Single Sign-On (SSO) into your apps so that admins and users can log in securely. miniOrange supports several different protocols for your applications, such as SAML, WS-FED, OAuth, OIDC, JWT, RADIUS, etc. Using Single Sign-On, users can use one set of credentials to log in to multiple applications. This improves security, as it reduces avenues for phishing attacks, and also improves access to your application.
Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, an online service provider (SP) can contact a separate online identity provider (IdP) to authenticate users who are trying to access secure content. miniOrange provides a solution to perform single sign-on (SSO) for applications supporting the SAML protocol, like AWS, WordPress, Atlassian, Dropbox Enterprise, Moodle, SAP, Zoho, Zendesk, etc. The steps to configure SSO settings for SAML applications on miniOrange are as follows.
| Option | Description |
|---|---|
| URL | If the Service Provider gives you a URL for its metadata, you can add this URL directly in the input field provided. |
| Text | When you select the Text option, you will have to fill in all the attributes manually. |
| File | When you select the File option, you can directly upload the XML file containing all the information. |
| Relay State | Enter the URL to which you want the user to be redirected after signing in to the application. |
| Override Relay State | Enable this to override the default relay state of the SP. |
| Show On End User Dashboard | Disable this if you do not want the app to be visible to all users on the end user dashboard. |
| Signed Request | Enable this to sign the request sent by the SP to the IdP. Provide the X.509 certificate or upload the certificate. |
| Signature Algorithm | Select the algorithm that will be used to sign the SAML request/response. |
| Encrypt Assertion | Select this if you want to encrypt the assertion in the SAML response, and provide the algorithm and certificate for encryption. |
| SAML Authentication Validity Period | The time for which the authentication should be considered valid and the user should be able to perform SSO. After that, the user will have to sign in again. |
| Add Name Format | Enable this to choose a custom name format based on the SP. |
| Name Format | Select the format that is supported by the SP. |
| Identity Source | Select the identity source from which you want the authentication to happen. You will see the list of all configured sources. |
| Force Authentication | Enable this to enforce authentication on each request to access the application. |
| Logout Response Binding | A Logout Response is sent in reply to a Logout Request from the SP. It could be sent by an Identity Provider or Service Provider. |
| IdP initiated Logout Request Binding | A Logout Response is sent in reply to a Logout Request from the IdP dashboard. It could be sent by an Identity Provider or Service Provider. |