Hello there!

Need Help? We are right here!

support
miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Kentico SAML single sign-on (SSO)
miniOrange Kentico SAML 2.0 Single Sign-On(SSO) acts as a SAML Service Provider which can be configured to establish the trust between the Kentico and a SAML capable Identity Provider to securely authenticate the users into your application. The solution uses the SAML protocol for exchanging authentication and authorization data with the Identity Provider.

        Setup guide Download

Kentico


Kentico CMS is a web content management system (WCMS) for building websites, online stores, intranets, and Web 2.0 community sites. Kentico CMS uses ASP.NET and Microsoft SQL Server for development via its Portal Engine, using Visual Studio, or through Microsoft MVC.Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Marketing platform that allows you to create truly optimized digital customer experiences across multiple channels. With Web Farms, Continuous Integration, GDPR and Data Protection, and MVC development fully supported across the platform, Kentico empowers your developers to deliver state-of-art websites and experiences faster.

Features

Single Sign On

Easy and seamless access to all resources. Single Sign On (SSO) into your kentico site via any existing SAML 2.0 Identity Provider (IdP).

Protect your complete Site

You can restrict your kentico site to only logged in users by redirecting the users to your IdP if logged in session is not found.


User Auto-Registration

You can have option to auto-register users in Kentico after Single Sign-On (SSO).


Single Logout

Allows a user to logout from all server sessions established via SAML SSO by initiating the logout process once.


Attribute Mapping

Offers you to map the attributes from your IdP to your Kentico user's attributes..


Role Mapping

Map your Identity Provider roles to your Kentico roles and restrict resources to specific roles.


Mutiple IdP’s support

Support SSO with multiple Identity providers.


Custom Certificate

Add your own custom X.509 Certificate for sending signed Request and verification of signed Response.


Auto-sync IdP Configuration from metadata

Keep your IDP SAML Configuration and Certificates updated and in sync.


Federation’s Support

Allows users to Single Sign On into the site via their institution that is affiliated with InCommon Federation.


Steps to Configure the Kentico SAML 2.0 Single Sign-On (SSO) Module

Step 1: Download and extract the package

  • Download miniOrange Kentico SAML 2.0 Module.
  • For Setting up the connector, extract the kentico-saml-sso-module.zip, you will find a DLL file miniorange-saml-sso.dll, a configuration file saml.config, and an integration.md file which contains the steps for adding the module into your application.

Step 2: Add the module in your application

  • Add miniorange-saml-sso.dll in the bin folder (where your other DLL files exist) for your kentico site.
  • Register miniorangesamlsso module for your kentico site according to the provided steps in the integration.md file.
  • Add the provided configuration file saml.config in the root directory for your kentico site.
  • After integration open browser and browse the connector dashboard with URL below:
  • https://<kentico-site-base-url>/?ssoaction=config
  • IIt will pop up the registration page or login page. You have successfully added the miniOrange saml sso module on your kentico site.
  • kentico single sign on sso login page


Step 3: Configure your Identity Provider

    There are below two ways with which you can get the SAML SP metadata to configure on your identity provider end.

    A] Using SAML metadata URL or metadata file:

  • Under the Service Provider Settings section, you can find the metadata URL as well as the option to download the SAML metadata.
  • Copy metadata URL or download metadata file to configure the same on your identity provider end.
  • You can refer to the below screenshot:
  • kentico single sign on sso configuration

    B] Uploading metadata manually:

  • From the Service Provider Settings section, you can copy the service provider metadata manually like SP Entity ID, ACS Url, Single Logout Url, and provide it to your identity provider for configuration.
  • You can refer to the below screenshot:
  • kentico single sign on sso configuration

Step 4: Configure your Service Provider

    There are below two ways with which you can configure your SAML identity provider metadata in the module.

    A] Upload metadata using the Upload IDP Metadata button:

  • If your identity provider has provided you with the metadata URL or metadata file (.xml format only) then you simply configure the identity provider metadata in the module using the Upload IdP Metadata option.
  • You can refer to the below screenshot.
  • kentico single sign on sso test configuration

  • You can choose any one of the options according to the metadata format you are available with.
  • B] Configure the identity provider metadata manually:

  • After configuring your Identity Provider, it will provide you with IDP Entity ID, IDP Single Sign On URL and x.509 Certificate. Configure these values under IDP Entity ID, Single Sign-On Url and SAML X509 Certificate fields respectively.
  • Click Save to Save your IDP details.
  • kentico single sign on idp metadata

Step 5: Test Configuration

  • Click on the Test Configuration button to test whether the SAML configuration you’ve done is correct or not.
  • The below screenshot shows a successful result.
  • kentico single sign on sso test configuration successful

Step 6: Attribute Mapping

  • Map your Kentico user profile attributes with the Identity Provider (IdP) attributes.
  • kentico single sign on sso attribute

Step 7: Use the following link in your Kentico site to initiate Single Sign-On (SSO)

  • Use the following URL as a link in your application from where you want to perform SSO:
    http://<kentico-base-url>/?ssoaction=login
  • For example you can use it as:
    <a href="http://<kentico-base-url>/?ssoaction=login”>Log in</a>"

Step 8: Use the following link to your Kentico site to initiate Single Logout

  • Use the following URL as a link in your application from where you want to perform SLO:
    http://base-url/?ssoaction=logout
  • For example you can use it as:
    <a href="http://base-url/?ssoaction=logout”>Log out</a>"


  • You can configure the kentico SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider.

    Not able to find your IdP? Contact us at info@xecurify.com and we'll help you set up SSO with your IdP in no time.



    We do provide SSO solutions for the following:

    SAML SSO into Custom ASP.NET apps Click here to know more
    SAML SSO into DotNetNuke (DNN) site Click here to know more
    OAuth SSO into DotNetNuke (DNN) site Click here to know more
    SAML SSO into Sitefinity site Click here to know more
    SAML SSO into Umbraco site Click here to know more

miniOrange Identity Management Features

  • Single Sign-On

    miniOrange Single Sign-On (SSO) Solution provides easy and seamless access to all enterprise resources with one set of credentials. miniOrange also provides secure authentication by establishing a trust relationship between the Service Provider and Identity Provider. miniOrange Single Sign-On supports SSO to any type of device or application whether they are in the cloud or on-premise. Learn More

  • Multi-factor Authentication

    Secure your application from password theft using multi-factor authentication methods with 15+ authentication types provided by miniOrange. Our multi-factor authentication methods prevent unauthorized users from accessing information and resources having passwords alone as an authentication factor. Enabling second-factor authentication for protects you against password thefts. Learn More

  • IP Blocking

    miniOrange provides IP blocking/IP restriction for login which adds security to Gmail, Web, and other applications. In this, we provide you option for IP blocking which includes both automatic (based on user behavior) and manual IP blocking which includes blacklisting and whitelisting of IP addresses to provide access restriction, the office only access, intranet access & network restriction. Learn More

  • Adaptive Authentication

    miniOrange Adaptive Authentication aims to provide a better experience to reduce the authentication burden on users while enforcing strong authentication where it is needed the most. For example, when a user attempts to access an application via an unregistered device then they may be prompted to register it. If the user logs in from a geographical location other than their office, they may be asked to answer security questions. Learn More

  • User Provisioning

    miniOrange User Provisioning provides an easy way of creation, management, and maintenance of end-users especially for large enterprises to reduce the risk for unauthorized access of information. User provisioning includes the creation, updating and deletion of user accounts. User provisioning makes life easier for admins because they do not have to manually arrange access for each user. Learn More

We can connect with any External IDP/Directory

miniOrange provides user authentication from external directories like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc. It also provides user authentication with other IDPs like Shibboleth, PING, Okta, OneLogin, KeyCloak and many more.

Can't find your IDP ? Contact us on idpsupport@xecurify.com. We'll help you set it up in no time.



More Secure authentication with Two-Factor Authentication

The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something or using biometrics thwarts attackers that steal or gain access to passwords.

Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, tracks who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.


Your choice of the second factor

miniOrange authentication service has 15+ authentication methods.

You can choose from any of the above authentication methods to augment your password based authentication. miniOrange authentication service works with all phone types, from landlines to smart-phone platforms. In the simplest case, users just answer a phone call and press a button to authenticate. miniOrange authentication service works internationally and has customers authenticating from many countries around the world.


miniOrange helps you with adding login/authentication into your nopCommerce site using OAuth, OpenID, ADFS, SAML and WSFED protocols. Looking for site integration with legacy apps such as Active Directory, SiteMinder, Radius, Unix and so on, we can help you with that.

Why Our Customers choose miniOrange Secure Identity Solutions ?


24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Try Now

Affordable Pricing

miniorange provides most affordable Secure Identity Solutions for all type of use cases and offers different packages based on customer's requirement.

Request A Quote


We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -

   +1 978 658 9387 (US)   ,   +91 97178 45846 (India)    |       info@xecurify.com