Thanks for your inquiry. One of our representatives will get in touch with you shortly via email.
Single Sign On (SSO) Product
miniOrange Single Sign On (SSO) product provides easy and seamless access to all enterprise resources with one set of credentials. We provide Single Sign On to any type of devices or applications whether they are in the cloud or on-premise.
miniOrange Single Sign-On (SSO) removes the need to repeatedly type usernames and passwords, which increases productivity and prevents many types of online fraud that is caused by using same or similar passwords across apps, typing in passwords in un-safe environments, password sharing etc. By enabling users to quickly and securely access applications, they can spend less time with technology and more time with their work.
Enterprise users regularly need to remember eight or more application passwords. Security best practices require those passwords be unique, strong and frequently changed. It’s no wonder enterprise users write them down, stick them to the monitor or just forget them.
miniOrange Single Sign-On (SSO) addresses these challenges by significantly reducing clicks and eliminating the need to remember or enter application usernames and passwords. Proven in enterprise environments around the world, miniOrange Single Sign-On can be used with all types of applications, saving enterprise users 15 minutes every shift, improving satisfaction levels and driving adoption.
Optimized workflows enable faster access to information and enhanced delivery. Passwords become centrally managed, simplifying HIPAA and HITECH compliance without impacting enterprise users or IT staff.
3. miniOrange Single Sign-On Admin Dashboard Overview
3.1 How to add users?
You can add users to our system in two ways-
Go to the Users/Groups tab -> Manage Users/Groups in Admin Console and click on Add User button to create a new user.
Download sample CSV format from our console and edit this CSV file according to it and upload it to our console via Bulk Upload. Note: If you can't see the Upload button, please contact us at info@miniorange.com to enable it.
To see Onboarding Status go to Dashboard tab -> on the right side, under basic features you can see the OnBoarding status just click on that. Here you can see a pie chart, showing the status of user on-boarded.
To enable, the disabled users go to the Users/Groups tab and click the dropdown menu of the last column then you can see Disable User and Enable User options. Click on Enable to unlock the user and vice versa.
To see users and policy mappings, go to the Policies -> User Policy Mapping, select the Application and enter the username, see the policies mapped against the username typed in Username field.
3.10 How to integrate with any custom application?
To integrate with any custom application you can refer to Custom App Integration under Integration tab, follow the integration guide there to integrate any custom application.
To deploy any pre integrated applications, please select any of the pre-integrated apps (viz. Google Apps, Salesforce) from the Integration tab dropdown. Follow the integration guide to integrate the apps, the diagram below depicts Google Apps Integration.
3.14 How to customize OTP Email Template Configuration?
You can add your own customized email to Customization -> Select OTP Over Email Template Configuration. Select Set Customized Email Template, edit the fields as per your requirement. You can test your Email Template Configuration by clicking on Send Test Email. Click on SAVE to save this Email Configuration.
To set forgot phone configuration, go to Account and select Forgot Phone Configuration. Set the forgot phone configuration as per your choice, it is recommended to check alternate login method for security purposes.
Our Single Sign-On service will act as a Service Provider to any IDP of your choice.
And you don't have to worry about understanding SAML protocol at all.
It can work with ADFS, Okta, salesforce, SimpleSamlPhp, Shibboleth, PING, RSA, Centrify, One Login, miniOrange or any other saml identity provider (Idp).
This SAML service returns all the attributes provided by the IdP along with the username of the logged in user.
You can then use these attributes to login user into your application.
To configure and use miniOrange Single Sign-On services, create a business free
trial account here.
Click here to login to miniOrange admin dashboard.
Go to Identity Sources from side menu.
Click on Configure Identity Source Button on top right corner on screen.
Add your Identity Source here entering all the required fields and click on SAVE button.
If you don't see the specific guide for your IDP, please contact us at info@miniorange.com.
For registering miniOrange as Service Provider in your Idp following are the endpoint urls given below:
##token## in above URL can be encrypted or
unencrypted. The token should contain Client Id (You received
from EVE Online), timestamp (Current Timestamp in milliseconds)
and API Key (The Customer API Key you collected above) seperated
by colon.
##customer_key## is the Customer Key you collected
above.
Value of encrypted value can be true or false
depending on, if the token is encrypted or not.
##returnurl## will be the url where you want to
redirect user after Login with Facebook.
For Google:
Enter https://www.googleapis.com/auth/plus.login in the Scope field.
At Google, create a new Project and enable the Google+ API.
This will enable your site to access the Google+ API
At Google, provide https://auth.miniorange.com/moas/oauth/client/callback
for the new Project's Redirect URI
At Google, you must also configure the Consent Screen with your
Email Address and Product Name. This is what Google will display
to users when they are asked to grant access to your site/app
At Google, under APIs & auth -> Credentials get Client Id by clicking on the button Create Client Id.
Collect the Client ID and Client Secret
Enter the App ID and App Secret in Client ID and Client Secret
field respectively under Apps -> Add App Credentials.
Click on SAVE button to add the Google App.
Now to integrate Login With Google, add a button and add the
following URL to it.
##token## in above URL can be encrypted or
unencrypted. The token should contain Client Id (You received
from EVE Online), timestamp (Current Timestamp in milliseconds)
and API Key (The Customer API Key you collected above) seperated
by colon.
##customer_key## is the Customer Key you collected
above.
Value of encrypted value can be true or false
depending on, if the token is encrypted or not.
##returnurl## will be the url where you want to
redirect user after Login with EVE Online.
For LinkedIn:
Leave the Scope field empty.
If you have not already done so, create an application.
If you have an existing application, select it to modify its settings.
After app creation, collect Client ID and CLient Secret from here.
Enter https://auth.miniorange.com/moas/oauth/client/callback in Authorized Redirect URLs and click on Add button.
Now click on Update button to save settings.
Enter the Client ID and Client Secret in Client ID and Client
Secret field respectively under Apps -> Add App Credentials.
Click on SAVE button to add the LinkedIn.
Now to integrate Login With LinkedIn, add a button and add the
following URL to it.
##token## in above URL can be encrypted or
unencrypted. The token should contain Client Id (You received
from EVE Online), timestamp and API Key (The Customer API Key
you collected above) seperated by colon.
##customer_key## is the Customer Key you collected
above.
Value of encrypted value can be true or false
depending on, if the token is encrypted or not.
##returnurl## will be the url where you want to
redirect user after Login with EVE Online.
For EVE Online:
Leave the Scope field empty.
At EVE Online, go to Support. Request for enabling OAuth for a
third-party application.
Add a new project/application. Generate Client ID and Client
Secret.
Enter the Client ID and Client Secret in Client ID and Client
Secret field respectively.
Click on SAVE button to add the EVE Online.
Now to integrate Login With Eveonline, add a button and add the
following URL to it.
##token## in above URL can be encrypted or
unencrypted. The token should contain Client Id (You received
from EVE Online), timestamp and API Key (The Customer API Key
you collected above) seperated by colon.
##customer_key## is the Customer Key you collected
above.
Value of encrypted value can be true or false
depending on, if the token is encrypted or not.
##returnurl## will be the url where you want to
redirect user after Login with EVE Online.
Under Apps menu in Admin Console, you can view the Apps and configure new SAML and Browser Plugin Apps. While configuring an app, you need to provide details depending on the type of app.
SAML App Configuration:
Follow the steps for the apps which support SAML eg. Google Apps, Salesforce.
Login as a customer from Admin Console.
Go to Apps >> Manage Apps. Click Configure Apps button.
Click on SAML tab. Select your app and click Add App button.
Provide following details of your application:
SP Entity ID is used to identify your app against the SAML request received from SP. SP Entity is usually but not necessarily in URL format.
ACS URL or Assertion Consumer Service URL defines where the SAML Assertion should be sent after authentication.
Single Logout URL defines where the user should be redirected after receiving the logout request from SP. You can mention your applications logout page URL here.
Audience URI, as the name suggests, specifies the valid audience for SAML Assertion. It is usually same as SP Entity ID. If Audience URI is not specified separately by SP , leave it blank.
NameID defines what SP is expecting in subject element of SAML Assertion. Generally NameID is Username of Email Address
NameID Format defines the format of subject element content, i.e. NameID.
For example, Email Address NameID Format defines that the NameID is in the form of an email address, specifically “addr-spec”. An addr-spec has the form local-part@domain, has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by “<” and “>”.
If NameID Format is not externally specified by SP, leave it unspecified.
You can Add Attributes to be sent in SAML Assertion to SP. The attributes include user’s profile attributes such as first name, last name, fullname, username,email, custom profile attributes and user groups,etc.
Select a Group Name from the dropdown - the group which should have access to the SAML SSO using this app.
Give a policy name for Custom App in Policy Name.
Select the First Factor Type for authentication like Password, Mobile etc.
Enable Second Factor for authentication if required.
Click on Save button to add policy for Apps (Single Sign On).
Click on Metadata to view miniOrage IDP(Identity Provider) info or to download the metadata file which will be used by SP to configure miniOrange as IDP.
You can also configure miniOrange as IDP on SP manually using following information :
miniOrange provides the facility to host identities in a private directory which can be provisioned as per requirement. Once a directory is provisioned, user management(user provisioning, user-deprovisioning, password management, access levels) is done from the directory. Connection to third-party applications with the directory is provided with various connectors.
miniOrange combines the social media data of all your social networks at one place. Whether you are using Facebook, Twitter, Google+, Vkontakte, any social network, miniOrange visualizes and checks your social marketing success, presented in a clean and neat design to always keep the overview.
Read more.
miniOrange Authentication Products also have ready integrations with a number of leading providers, these ready solutions allow enterprises quickly increase the security of information and resources without worrying about time for initial set up or future upgrades. The following custom connectors exist:
Java Connector
.NET Connector
Desktop application connector
Credential Vault connector
Mobile apps Single Sign-On
Windows Single Sign-On
Application connectors also exist for 4500+ cloud and legacy applications.
Read more. Back to top
9. Customization
Our powerful branding options allow you to customize various aspects of miniOrange so that it mirrors your brand’s logo and colors, and matches the feel of your organization's aesthetics. We did all the customization for a global, world-class mining company.
You can customize the following:
miniOrange provides detailed reports for the following:
Single Sign-on
Two Factor Authentication
Fraud Prevention
Social Login
These reports assist in compliance and understanding user behavior.
Back to top
11. Self-Service Console for end users
miniOrange Self-Service Console for end users provides the user the functionality to manage his/her organizational identity and configure applications for Single Sign-On. The various features of the self service console are:
miniOrange provides an array of user authentication solutions to enhance the security of sensitive information and resources. Our Strong Authentication, Fraud Prevention and Single Sign-on products weave together disparate protocols and processes in secure Software as a Service environment providing easy to deploy, scalable and flexible platform at minimal TCO.
miniOrange Single Sign-on solution ensures seamless access to all enterprise resources, Once Authenticated with miniOrange SSO, users can easily connect and navigate within enterprise as per defined policies. miniOrange SSO Solution can be deployed in minutes and supports various Cloud Apps, Web Apps and Legacy Apps and is so easy to use that once logged in users do not need to authenticate separately to other applications
miniOrange 2 Factor Authentication Solutions ensure right set of eyes have access to your sensitive and critical information and systems sitting on the cloud or on premise. miniOrange 2 Factor Authentication supports widest range of strong authentication methods, helps you achieve regulatory compliance such as FFIEC, HIPPA, PCI etc and increase the security of your resources at minimum cost.
miniOrange Fraud prevention solution leverages user´s personalized information like behavior, location and device to authenticate and provides access to resources and prevents attacks not detected by static security solutions... Our flexible and sophisticated policy management system runs on our proprietary miniOrange Risk Engine that allows you to configure and customize risk policies as per your requirements.
miniOrange cloud security platform protects information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to your hardware as well as protecting against harm that may come via network access, data and code injection and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
miniOrange combines the social media data of all your social networks at one place. Whether you are using Facebook, Twitter, Google+,Vkontakte, any social network, miniOrange visualizes and checks your social marketing success, presented in a clean and neat design to always keep the overview.
miniOrange 2 Factor Authentication Products ensure right set of eyes have access to your sensitive information sitting on the cloud or on-premise.
Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, track who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.
miniOrange provides 15+ authentication methods.
miniOrange Fraud Prevention product uses device, location, time of access and user behavior to minimize the risk of improper data access or loss of information. It dynamically analyzes user requests and apply business security policies to application access which minimizes the risks of unauthorized access. It complements the existing traditional access controls by using contextual elements (e.g. device, location, time of access and user behavior) to allow for a more dynamic policy decision.
