Overview
Enterprises running PeopleSoft often need to support multiple user types, such as workforce and third-party users, without compromising security or user experience.
In this use case, miniOrange Access Gateway was implemented as a secure proxy to enable seamless SSO for Workforce Users through Entra ID while enforcing enhanced MFA for Third-Party Users. The deployment required minimal configuration adjustments within PeopleSoft to integrate it with the gateway and support secure, policy-driven authentication flows.
The Challenge
The organization needed to secure PeopleSoft access while meeting the following requirements:
- Enable Single Sign-On (SSO) for Workforce Users through Microsoft Entra ID.
- Enforce Multi-Factor Authentication (MFA) for Third-Party Users.
- Support different authentication flows for different user types.
- Avoid direct exposure of PeopleSoft to the internet.
- Enable the solution through minor configuration adjustments in PeopleSoft.
Traditional access methods like VPNs or uniform authentication policies failed to provide the flexibility and control required.
Why Traditional Access Models Fell Short
- Same authentication flow for all users, regardless of risk.
- No clean way to route users to different identity providers.
- Limited control over conditional MFA enforcement.
- Increased attack surface due to direct application exposure.
The Solution: miniOrange Access Gateway
miniOrange deployed Access Gateway as a reverse proxy in front of PeopleSoft, enabling identity-aware access enforcement before users reach the application.
Key Components Used:
- miniOrange Access Gateway (MAG): Acts as the secure proxy and policy enforcement point in front of PeopleSoft.
- miniOrange Identity Provider (IDP): Handles MFA for third-party users, including OTP generation and validation.
- Microsoft Entra ID: Authenticates workforce users via SSO for seamless access to PeopleSoft.
How the Access Flow Works
- Users access PeopleSoft through the Access Gateway URL.
- The gateway displays a user type selection page:
  - Workforce User
  - Third-Party User
- Workforce User
  - Redirected to Entra ID for authentication.
  - After successful login, seamlessly redirected to PeopleSoft.
- Third-Party User
  - Redirected to the PeopleSoft login page.
  - After credential validation, Access Gateway enforces MFA.
- MFA Validation
  - Handled by miniOrange IDP.
  - OTP verification completed before granting access.
All access decisions are enforced before the user reaches PeopleSoft.
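The flow above can be modeled as a default-deny decision function at the proxy. This is an added illustration, not miniOrange's implementation or configuration: the session fields, the `/peoplesoft/login` path and the action names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical path; the page does not document the gateway's routes.
LOGIN_PATH = "/peoplesoft/login"


@dataclass
class Session:
    # Self-declared on the selection page: "workforce" or "third_party".
    user_type: Optional[str] = None
    # Set only after the gateway has validated the Entra ID response.
    entra_authenticated: bool = False
    # Set after PeopleSoft has accepted the third-party user's credentials.
    ps_credentials_ok: bool = False
    # Set after the identity provider has confirmed the OTP.
    otp_verified: bool = False


def decide(session: Session, path: str) -> str:
    """Return the gateway action for one request (action names are hypothetical)."""
    if session.user_type not in ("workforce", "third_party"):
        return "show_user_type_selection"

    if session.user_type == "workforce":
        # The selection only chooses the identity provider; it grants nothing.
        # Flags from the other flow (OTP, PeopleSoft login) are ignored here.
        if session.entra_authenticated:
            return "proxy_to_peoplesoft"
        return "redirect_to_entra_id"

    # Third-party flow: PeopleSoft credentials first, then OTP.
    if not session.ps_credentials_ok:
        # Only the login page is reachable before credentials are validated.
        if path == LOGIN_PATH:
            return "proxy_login_only"
        return "redirect_to_peoplesoft_login"
    if not session.otp_verified:
        return "redirect_to_idp_otp"
    return "proxy_to_peoplesoft"


if __name__ == "__main__":
    # Constructed walk-through of the third-party flow.
    s = Session(user_type="third_party")
    print(decide(s, "/peoplesoft/home"))   # not logged in yet
    s.ps_credentials_ok = True
    print(decide(s, "/peoplesoft/home"))   # credentials ok, OTP pending
    s.otp_verified = True
    print(decide(s, "/peoplesoft/home"))   # both steps complete
```

Because the user type is chosen by the user, the model keys access on the completed authentication steps for that flow, never on the selection itself.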
Security & Business Outcomes
- SSO is enabled for workforce users using Entra ID.
- Risk-based MFA is enforced only for Third-Party Users.
- Easy integration with limited PeopleSoft configuration adjustments.
- Reduced the attack surface by hiding PeopleSoft behind a proxy.
- Improved user experience without weakening security.
Why miniOrange Access Gateway
Unlike VPNs or legacy access solutions, the miniOrange Access Gateway:
- Works with legacy and modern applications
- Supports multiple authentication flows for the same app
- Enables identity-aware access control
- Acts as a Zero Trust enforcement layer
- Integrates easily with existing IAM ecosystems
Use Case Fit
This solution is ideal for organizations that:
- Run PeopleSoft or other legacy enterprise apps
- Have mixed user populations (Workforce + Third-Party Users)
- Want to implement SSO and MFA without app changes
- Need granular access control beyond basic authentication