• Home
• Login with External IDP
• NetIQ as IDP Setup Guide

Configure NetIQ as SAML IDP for SSO

---

miniOrange Identity Broker service solution enables cross protocol authentication. You can configure NetIQ as an IDP for Single Sign-On (SSO) into your applications/websites. Here, NetIQ will act as an Identity Provider (IDP) and miniOrange will act as a broker.

We offer a pre-built solution for integrating with NetIQ, making it easier and quick to implement. Our team can also help you set up NetIQ as SAML IDP to login into your applications.

Prerequisite:

• To get started you need to have an active NetIQ account with administrator rights for your organization.
• Get the miniOrange SP metadata that you will require in the first step. For this, go to the miniOrange Admin Console >> Identity Providers >> Add Identity provider. Under Choose Identity Provider, select SAML from the dropdown and go to SAML Provider. Then click on the Click here link.



• Click on Show metadata Details under For SP - Initiated SSO. Keep ACS URL and Entity ID or Issuer which you will require in NetIQ console in Step 1.

Steps to setup NetIQ as an IDP and miniOrange as a Service Provider (SP) for SSO login

1. Configure miniOrange as Service Provider (SP) in NetIQ

• Log in to NetIQ.
• Click Events -> Add.
• Specify a name for the new event.
• Change the Event type to SAML2.
• Select the required chains for the event.
• Copy and paste your Service Provider's SAML 2.0 metadata to SP SAML 2.0 metadata.
• Click Policies -> Web Authentication.
• Specify the Identity Provider’s URL in Identity Provider URL
• Click Download IdP SAML 2.0 and save the metadata for further use in configuring NetIQ in miniOrange.

You have successfully configured NetIQ as SAML IdP (Identity Provider) for achieving NetIQ SSO login.

2. Configure NetIQ as IDP in miniOrange

• Go back to the miniOrange Admin console and navigate to Identity Providers in the left navigation menu. Then, click on Add Identity Provider button.



• In Choose Identity Provider, select SAML from the dropdown.



• Search for SAML Provider.



• Click on Import IDP metadata.



• Upload the XML metadata file that you downloaded from the NetIQ in Step 1 using the Import IDP Metadata feature.
• Enter the IDP Name as NetIQ, select File as the IDP Metadata format and upload the XML file.
• Then click on the Import button.



• Your IDP metadata details will be auto-filled.
• Few other optional features that can be added to the Identity Provider(IDP) are listed in the table below:

  Domain Mapping	Can be used to redirect specific domain user to specific IDP
  Show IdP to Users	Enable this if you want to show this IDP to all users during Login
  Send Configured Attributes	Enabling this would allow you to add attributes to be sent from IDP

• Click on Save.

3. Test Connection

• Visit your Login Page URL.
• Go to Identity Providers tab.
• Search for your app, click the three dots in the Actions menu, and select Test Connection against the Identity Provider (IDP) you configured.



• On entering valid NetIQ credentials (credentials of user assigned to app created in NetIQ), you will see a pop-up window which is shown in the below screen.



• Hence your configuration of NetIQ as IDP in miniOrange is successfully completed.

Configure Attribute Mapping

• Go to Identity Providers.
• Click the three dots in the Actions menu, and select Attribute Mapping against the Identity Provider (IDP) you configured.

• Attribute Type - USER
• Attribute Type - EXTERNAL

Maps information, such as email and username, during Just-In-Time (JIT) user creation. Email and Username attributes are necessary to create the user profile.

• Click on the + Add Attribute button to add the attribute fields.



• Check the attributes in the Test Connection window from the previous step. Choose any attribute names you want to send to your application under Attribute Name sent to SP.
• Enter the values of the attributes coming from IdP into the Attribute Name from IdP field on the Xecurify side.

EXTERNAL mappings help alter incoming attribute names before sending them to apps, ensuring that the data is in the correct format.

• Click on the + Add Attribute button to add the attribute fields.



• Check attributes in test connection window from last step. Enter the attribute names (any name) that you want to send to your application under Attribute Name sent to SP.
• Enter the value of attributes that are coming from IdP into the Attribute Name from IdP field on the Xecurify side.

External References

• Know More about Single Sign On
• Learn more about how miniOrange functions as an Identity Broker