Sharepoint Single Sign On
miniOrange provides a ready-to-use Single Sign On solution for SharePoint. It lets you roll out secure access so that your users can log in to SharePoint with their existing credentials.


SharePoint is a web-based collaborative platform integrated into the Office 365 suite. It is a backend system that ties your employees' PCs and mobile devices together, allowing them to interact and synchronize their efforts. SharePoint lets enterprise users save their documents and access them centrally. Office 365 is a suite that consists of office applications as well as cloud services delivered over the internet. Office 365 business plans include services such as web conferencing and business email.

Our Solution

miniOrange provides Single Sign On (SSO) to any type of application, whether in the cloud or on-premise. With Single Sign-On, Office 365 can put its existing trusted IdP in charge of the authentication process. Active Directory is configured as an identity source within miniOrange and set as the default identity source. Authentication therefore happens against Active Directory credentials, and on successful authentication the relevant user attributes, such as the immutable ID, are fetched from Active Directory. After configuring the identity source, users present in Active Directory can log in to the end user dashboard with their Active Directory credentials. If the user does not yet exist within miniOrange, the user is created on the fly and the configured directory attributes are fetched and stored in the user profile.

Advantages of Single Sign On solution:

  • Users log in with a single set of credentials, so there is no need to remember different user names and passwords.
  • Users are created on the fly, so there is no need to create them manually in miniOrange.
  • Users can configure Two Factor Authentication as part of the sign-on process. miniOrange supports 15+ two factor authentication methods.

Login flow for Sharepoint

[Diagram: SharePoint SSO login flow]


  • If you are using an On-Premise instance, you do not need to follow the step below; it is required only for a Cloud instance. You can jump directly to 'Step 1'.

  • If you are using the Cloud IdP, you have to set up branding first, because this functionality works only when customer branding is set.

Steps to set up Single Sign On for SharePoint

Step 1: Adding LDAP Identity Source in miniOrange

  1. Log in to your miniOrange Admin Dashboard.
  2. From the side menu, click User Stores >> Add User Store.


  3. Select AD/LDAP option. On the Configuration page, Select Directory Type.


  4. Fill in all the details and scroll down; you will see the option to Activate LDAP. Enable it and click Save.


Here is the list of the options and what each one does when enabled. You can enable or disable them as needed.

  • Activate LDAP: All user authentications will be done with LDAP credentials if you activate it.
  • Sync users in miniOrange: Users will be created in miniOrange after authentication with LDAP.
  • Backup Authentication: If LDAP credentials fail, the user will be authenticated through miniOrange.
  • Allow users to change password: This allows your users to change their password. It updates the new credentials in your LDAP server.
  • Enable administrator login: On enabling this, your miniOrange Administrator login authenticates using your LDAP server.
  • Show IdP to users: If you enable this option, this IdP will be visible to users.
  • Send Configured Attributes: If you enable this option, only the attributes configured below will be sent as attributes at the time of login.

Step 2: Add Office365 Single Sign On (SSO) App

  • Log in to the miniOrange Admin Console.
  • Go to Apps >> Manage Apps. Click the Configure Apps button.
  • Click the SAML tab. Select Office365 and click the Add App button.

  • Make sure the SP Entity ID or Issuer is: urn:federation:MicrosoftOnline.
  • Make sure the ACS URL is: https://login.microsoftonline.com/login.srf.
  • Add an attribute with attribute name as IDPEmail and select attribute value as E-mail Address.
  • Set the authentication policy. You can choose to enable 2FA for login or have users login using a standard username-password.
  • Click on Save to configure Office365.
  • Click on Metadata link to see the Identity Provider information required to configure Office 365. Note down the following information.
    • IdP Entity ID/Issuer
    • Logout URL
    • Login URL
    • X.509 Certificate

  • Copy these values when using miniOrange as the IdP.

  • Copy these values when using an external IdP (i.e. miniOrange as a broker).

Step 3: Configure Microsoft Online Services

  • Open PowerShell in Administrator mode. The Microsoft Online Services module needs to be installed for the commands below to run.
    • Install-Module -Name AzureAD
      • If prompted about installing a module from an untrusted repository, type Y and press ENTER.
    • Install the 64-bit version of the Microsoft Online Services Sign-in Assistant. Download it from here.
    • Run the following command in PowerShell to install the MSOnline module: Install-Module MSOnline
      • If prompted to install the NuGet provider, type Y and press ENTER.
      • If prompted to install the module from PSGallery, type Y and press ENTER.
  • Execute the following Powershell commands:
    • $cred = Get-Credential, then enter your Office 365 administrator credentials.
    • Connect-MsolService -Credential $cred
    • Replace the following placeholders with the values noted in the step above:
      • Replace ##DOMAIN NAME## with your Active Directory domain name. Ensure that this is not the tenant's default domain, as the default domain cannot be set as the federated domain.
      • Replace ##IDP ENTITY ID## with the IdP Entity ID/Issuer noted above.
      • Replace ##LOGIN URL## with the Login URL noted above.
      • Replace ##LOGOUT URL## with the Logout URL noted above.
      • Replace ##CERTIFICATE## with the X.509 Certificate noted above.
    • Set-MsolDomainAuthentication -Authentication Federated -DomainName ##DOMAIN NAME## -IssuerUri ##IDP ENTITY ID## -LogOffUri "##LOGOUT URL##" -PassiveLogOnUri "##LOGIN URL##" -SigningCertificate "##CERTIFICATE##" -PreferredAuthenticationProtocol SAMLP
  • Note: You cannot federate your default "onmicrosoft.com" domain. To federate your Office 365 tenant, you must add a custom domain to Office 365.
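As an added end-to-end example covering Step 2 and Step 3 (this is not miniOrange's or Microsoft's own code), the PowerShell below takes the IdP metadata document from Step 2, extracts the four values the Set-MsolDomainAuthentication command needs, refuses to federate a default or unverified domain, applies the federation setting and then reads it back to confirm that the issuer, login URL and signing certificate really are the ones you intended. It assumes the MSOnline module is installed and that the metadata follows the standard SAML 2.0 IdP metadata schema; $SampleMetadata, the example.test hostnames, the placeholder certificate body and the two function names are constructed for this example.

```powershell
# Added example, not miniOrange's own code. $SampleMetadata is a constructed
# SAML 2.0 IdP metadata document; the certificate body is a placeholder.
$SampleMetadata = @'
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/moas">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>
MIIC...CONSTRUCTED-PLACEHOLDER-CERTIFICATE-BODY...
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/moas/idp/samllogout"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/moas/idp/samlsso"/>
  </IDPSSODescriptor>
</EntityDescriptor>
'@

# Pull the Entity ID, Login URL, Logout URL and signing certificate out of the
# metadata instead of copying them by hand (hypothetical helper name).
function Get-IdpFederationValues {
    param([Parameter(Mandatory)][string]$MetadataXml)

    [xml]$doc = $MetadataXml
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    $entity = $doc.SelectSingleNode('/md:EntityDescriptor', $ns)
    $sso    = $doc.SelectSingleNode("//md:SingleSignOnService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']", $ns)
    $slo    = $doc.SelectSingleNode('//md:SingleLogoutService', $ns)
    $cert   = $doc.SelectSingleNode("//md:KeyDescriptor[@use='signing']//ds:X509Certificate", $ns)

    if (-not ($entity -and $sso -and $slo -and $cert)) {
        throw 'Metadata is missing the entityID, SingleSignOnService, SingleLogoutService or a signing certificate.'
    }

    # Set-MsolDomainAuthentication expects the bare base64 body, so strip the
    # line breaks and indentation the metadata wraps the certificate in.
    [pscustomobject]@{
        IssuerUri          = $entity.Attributes['entityID'].Value
        PassiveLogOnUri    = $sso.Attributes['Location'].Value
        LogOffUri          = $slo.Attributes['Location'].Value
        SigningCertificate = ($cert.InnerText -replace '\s', '')
    }
}

# Federate the domain with the extracted values and verify the result
# (hypothetical function name).
function Set-FederatedDomainFromMetadata {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][string]$MetadataXml,
        [System.Management.Automation.PSCredential]$Credential = (Get-Credential)
    )

    Connect-MsolService -Credential $Credential

    # Federation only works on a verified custom domain that is not the tenant
    # default (see the note in Step 3), so refuse early rather than fail half-way.
    if ($DomainName -like '*.onmicrosoft.com') { throw 'onmicrosoft.com domains cannot be federated.' }
    $domain = Get-MsolDomain -DomainName $DomainName -ErrorAction Stop
    if ($domain.IsDefault)             { throw "$DomainName is the tenant default domain and cannot be federated." }
    if ($domain.Status -ne 'Verified') { throw "$DomainName is not verified (status: $($domain.Status))." }

    $v = Get-IdpFederationValues -MetadataXml $MetadataXml

    Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Federated `
        -IssuerUri $v.IssuerUri -LogOffUri $v.LogOffUri -PassiveLogOnUri $v.PassiveLogOnUri `
        -SigningCertificate $v.SigningCertificate -PreferredAuthenticationProtocol SAMLP

    # Read the setting back: a mismatch here means Office 365 will redirect logins
    # to, or verify assertions against, something other than your IdP.
    $applied = Get-MsolDomainFederationSettings -DomainName $DomainName
    [pscustomobject]@{
        DomainName         = $DomainName
        IssuerMatches      = ($applied.IssuerUri -eq $v.IssuerUri)
        LoginUrlMatches    = ($applied.PassiveLogOnUri -eq $v.PassiveLogOnUri)
        LogoutUrlMatches   = ($applied.LogOffUri -eq $v.LogOffUri)
        CertificateMatches = ($applied.SigningCertificate -eq $v.SigningCertificate)
    }
}

# Offline check of the parser against the constructed sample:
Get-IdpFederationValues -MetadataXml $SampleMetadata

# Live usage (constructed domain name; replace with your own custom domain):
# Set-FederatedDomainFromMetadata -DomainName 'sso.example.test' -MetadataXml $SampleMetadata
```

The parser can be run on its own against the metadata downloaded from the miniOrange Metadata link, which avoids the most common mistake with this step: pasting a certificate that still contains line breaks or PEM header lines. The read-back at the end is worth keeping in any change procedure, since every login for the domain will be redirected to PassiveLogOnUri and trusted on the strength of SigningCertificate from that point on.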

Step 4: Add External Sharepoint App in the end user dashboard

 1. Log in to the Admin Dashboard. From the sidebar, select Apps and click Configure Apps.


 2. Click the External/JWT/PwdLess category. From the two options, select External App (as shown in the image).


 3. Enter the required information on the configuration page (as shown in the image below). Add the following External URL:
 Check the Show PasswordLess App option.


 4. Click Save.

Step 5: Login with LDAP Credentials

 1. Navigate to the Branded Login Page.
 2. Enter your credentials (user name and password).
 3. The user is created in miniOrange with that username and the account's email address (a Gmail address in this example).
 4. The links to the Office 365 and SharePoint apps appear on screen.
 5. Click them to log in to Office 365 and SharePoint respectively.

