miniOrange provides secure access to Salesforce for enterprises and full control over access of applications, Single Sign On (SSO) into your Salesforce Account with one set of login credentials.
miniOrange Single Sign On (SSO) Solution provides easy and seamless access to all enterprise resources with one set of credentials, miniOrange provides Single Sign On (SSO) to any type of devices or applications whether they are in the cloud or on-premise.
Secure your Salesforce app from password thefts using multi factor authentication methods with 15+ authentication types provided by miniOrange. Our multi factor authentication methods prevent unauthorized users from accessing information and resources having password alone as authentication factor. Enabling second factor authentication for Salesforce protects you against password thefts.
miniOrange prevents frauds with its dynamic risk engine in conjunction with enterprise specific security policy. We support a combination of the Device Id, Location and Time of access as multi-factor authentication that can detect and block fraud in real-time, without any interaction with the user.
miniOrange supports both IdP (Identity Provider) and SP (Service Provider) initiated Single Sign On (SSO)
In IdP Initiated Login, SAML request is initiated from miniOrange IdP.
In SP Initiated Login, SAML request is initiated by Salesforce.
Step 1: Creating your own Salesforce domain (skip this step if you already have a Salesforce domain)
Step 2: Configure Single Sign On (SSO) Settings
Issuer | https://login.xecurify.com/moas |
Entity ID | https://[yourdomain].my.salesforce.com |
Identity Provider Certificate | Upload the certificate downloaded from miniOrange Admin Console |
Signing Certificate | Default Certificate |
Assertion Decryption Certificate | Assertion not encrypted |
SAML Identity Type | Assertion contains User’s salesforce.com username |
SAML Identity Location | Identity is in the NameIdentifier element of the subject statement |
Identity Provider Login URL | https://login.xecurify.com/moas/idp/samlsso |
Identity Provider Logout URL | https://[yourdomain].my.salesforce.com |
Service Provider Initiated Request Binding | HTTP Redirect |
Refer below for further queries. The input fields Issuer, Entity ID, Identity Provider, Signing Certificate, Assertion Decryption Certificate,SAML Identity Type, SAML Identity Location, Identity Provider Login URL and Service Provider Initiated Request Binding in the image should be entered as described in table above.
Step 3: Create a policy for Salesforce
Step 4: Onboard users into our system
Step 5: Login to miniOrange Account
Step 1: Creating your own Salesforce domain (skip this step if you already have a Salesforce domain)
Step 2: Enable Identity Provider in Salesforce
Step 3: Creating Connected App in Salesforce
Connected App Name | Google Apps |
Contact Email | Enter your support team email |
Enable SAML | Select this check box |
Entity ID | https://www.google.com/a/<YOUR_GOOGLE_APPS_DOMAIN>/acs |
ACS URL | https://www.google.com/a/<YOUR_GOOGLE_APPS_DOMAIN>/acs |
Step 4: Configure Single Sign On Settings in Google Apps admin console
Sign-in page URL | Copy the Idp-Initiated Login URL you copied while configuring Connected App in Salesforce. |
Sign-out page URL | <ISSUER_VALUE_IN_CONNECTED_APP>/secur/logout.jsp |
Change password URL | Copy the Idp-Initiated Login URL you copied while configuring Connected App in Salesforce. |
Verification Certificate | Upload the certificate you downloaded from Salesforce while enabling Identity Provider. |
Step 1: Creating your own Salesforce domain (skip this step if you already have a Salesforce domain)
Step 2: Configure Single Sign On (SSO) Settings
Provider Type | OpenId Connect |
Name | miniOrange |
Consumer Key | Enter the Client ID noted in Step 4. |
Consumer Secret | Enter the Client Secret noted in Step 4. |
Authorize Endpoint URL | https://login.xecurify.com/moas/idp/openidsso |
Token Endpoint URL | https://login.xecurify.com/moas/rest/token/accesstoken |
User Info Endpoint URL | https://login.xecurify.com/moas/rest/protected/userinfo |
Registration Handler | Automatically create a Registration Handler |
Execute Registration As | Select User |
global User createUser(Id portalId, Auth.UserData data){
//The user is authorized, so create their Salesforce user
User u = new User();
Profile p = [SELECT Id FROM profile WHERE name='Standard User'];
//TODO: Customize the username. Also check that the username doesn't already exist and
//possibly ensure there are enough org licenses to create a user. Must be 80 characters
//or less.
u.username = data.username + '@myorg.com';
u.email = data.email;
u.lastName = data.lastName;
u.firstName = data.firstName;
String alias = data.username;
//Alias must be 8 characters or less
if(alias.length() > 8) {
alias = alias.substring(0, 8);
}
u.alias = alias;
u.languagelocalekey = UserInfo.getLocale();
u.localesidkey = UserInfo.getLocale();
u.emailEncodingKey = 'UTF-8';
u.timeZoneSidKey = 'America/Los_Angeles';
u.profileId = p.Id;
return u;
}
Step 3: Create a policy for Salesforce
Step 4: Redirecting Salesforce login to miniOrange IdP for Single Sign On (SSO)
The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something or using biometrics thwarts attackers that steal or gain access to passwords.
Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, track who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.
miniOrange authentication service has 15+ authentication methods.
You can choose from any of the above authentication methods to augment your password based authentication. miniOrange authentication service works with all phone types, from landlines to smart-phone platforms. In the simplest case, users just answer a phone call and press a button to authenticate. miniOrange authentication service works internationally, and has customers authenticating from many countries around the world.
For further details refer :
Salesforce SAML SSO
Salesforce Single Sign On (SSO)
Configure an OpenID Connect Authentication Provider
miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.
Try Nowminiorange provides most affordable Secure Identity Solutions for all type of use cases and offers different packages based on customer's requirement.
Request A QuoteWe offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -
+1 978 658 9387 (US) , +91 77966 99612 (India) | info@xecurify.com