Hello there!

Need Help? We are right here!

support
miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Two Factor Authentication for osTicket

miniOrange provides a ready to use solution for osTicket Platform. This solution ensures that you are ready to roll out secure access to osTicket to your employees within minutes.

osTicket


osTicket is a widely-used open source support ticket system. It seamlessly integrates inquiries created via email, phone and web-based forms into a simple easy-to-use multi-user web interface. Manage, organize and archive all your support requests and responses in one place while providing your customers with accountability and responsiveness they deserve.

Why miniOrange PHP SAML 2.0 Connector ?

miniOrange Identity Management Features

miniOrange supports both IdP (Identity Provider) and SP (Service Provider) initiated Single Sign On (SSO)

We can connect with any External IDP/Directory

miniOrange provides user authentication from external directories like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc. It also provides user authentication with other IDPs like Shibboleth, PING, Okta, OneLogin, KeyCloak and many more.

Can't find your IDP ? Contact us on idpsupport@xecurify.com. We'll help you set it up in no time.


Steps for Single Sign On into osTicket using PHP SAML 2.0 Connector

Step 1: Download and Setup the PHP connector.

  • Download miniOrange PHP SAML 2.0 Connector from here.
  • Setup the connector on the same domain where you have PHP application running.
  • Access SSO connector from your browser with URL https://<connector-path>/sso
  • Register into SSO connector by providing a valid email address and password.
  • After registration, log in to the dashboard using the credentials you provided during registration. Click on Login

  • Two factor-authentication for osTicket  | Support Ticketing System:php_saml_connector_login


    Two factor-authentication for osTicket  | Support Ticketing System:php_saml_connector

Step 2: Configure the connector using your Identity Provider details

  • Here we are configuring miniOrange as IDP.
  • Login to miniOrange Admin Console.
  • Go to Apps >> Manage Apps Click Configure Apps button.
  • Two factor-authentication for osTicket  | Support Ticketing System:saml-apps

  • Click on SAML tab. Select Custom App.

  • Two factor-authentication for osTicket  | Support Ticketing System:add-custom-saml-app

  • Enter the following values:
  • Service Provider Name Choose appropriate name according to your choice (E.g app1)
    SP Entity ID or Issuer Connector Entity ID from SP settings section in step 1
    ACS URL X.509 Certificate (optional) Connector ACS URL from SP settings section in step 1
    NameID Format  Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Response Signed Unchecked
    Assertion Signed Checked
    Encrypted Assertion Unchecked
    Group policy Default
    Policy Name Choose appropriate name according to your choice
    Login Method Password

  • Click on Save to configure osTicket.
  • Now to get the IDP metadata of the app configured, Go to apps >> your_app >> select >> metadata tab.

  • Two factor-authentication for osTicket  | Support Ticketing System:saml-custom-app-metadata

  • Click on the Show Metadata Details link in the Information required to set meiniorange as IDP section.
  • Two factor-authentication for osTicket  | Support Ticketing System:show_miniorange_idp_metadata

Step 3: Setup SSO in connector

  • Setup SSO in PHP saml connector
  • To configure the php saml connector, need to add metadata values from step 2 in Identity Provider Settings.

  • Two factor-authentication for osTicket | Support Ticketing System:configure_php_saml_connector

  • You can configure the SP base url or leave this option as it is.
  • Click on the Submit button to save your settings.

Step 4: Test the Configuration

  • You can test if the plugin is configured properly or not by clicking on the Test Configuration button.

    Two factor-authentication for osTicket  | Support Ticketing System:setup_connector_3

  • You should see a Test Successful screen as shown below along with the user's attribute values.

    Two factor-authentication for osTicket  | Support Ticketing System:setup_connector_4

Step 5: Setup the connector to work with osTicket Application

To download the osTicket - Support Ticket System Click here. Once the SSO test was successful, you can provide an Application URL, to where the users will be redirected after logging in.
  • To do so, click on the How to Setup? menu in SSO connector.
  • Provide the url of your application where you want the users to redirect after logging in.
    NOTE: The domain of the application URL and the domain where you have setup the miniOrange PHP SAML 2.0 Connector should be same.
  • On this Application Endpoint you need to read Session attributes set by SSO connector and use that to login user into your application.
    if(session_status() === PHP_SESSION_NONE)
    {
    session_start();
    }
    $email = $_SESSION['email'];
    $username = $_SESSION['username'];
    // Use $email and $username variables to find user in your PHP application and start session for the user.
    

    These Variables contain the mapped attribute values. After receiving these values using the above code, you can use the $email and $username variables in your application.
  • Now that the plugin is configured, you're ready to use it in your application.
    Use the following URL as a link in your application from where you want to perform SSO:
    http://<your-domain>/sso/login.php"

    For Example, you can use it as:
    <a href="http://<your-domain>/sso/login.php">Log in</a>
    Your users will be able to SSO in your application by clicking on the Log in link

Step 6: Configure 2FA for miniOrange Admin Dashboard and osTicket

6.1: Configure 2FA for miniOrange Admin Dashboard.

  • From your miniOrange Dashboard in the left navigation bar, select 2- Factor Authentication, click on Configure 2FA.

  • Two factor-authentication for osTicket | configure_2fa

  • Choose any 2FA method you want to configure.
  • Let's say you want to configure OTP over SMS
  • Click on OTP over SMS
  • Two factor-authentication for osTicket  | otp_over_sms

    Two factor-authentication for osTicket  | enter_phone_no

  • Now add your mobile number on which you want to receive the OTP.
  • Then click on Save.
  • Two factor-authentication for osTicket  | save_phone_number

    Two factor-authentication for osTicket  | otp_over_sms_active

  • Now as shown in the above image, OTP over SMS is your Active 2FA method.
  • Enable Prompt for second factor during signin to your console.
  • Then click on Save.
  • Two factor-authentication for osTicket  | enable_2fa

  • To verify the configuration login again.
  • You will be asked for Username and password then it is redirected to below page:
  • Enter the OTP received on the phone and click on verify.
  • Two factor-authentication for osTicket  |  2fa_otp_verification

  • If you are redirected to your dashboard, you have successfully configured OTP over SMS as your 2FA method.
  • Similarly you can configure rest of the 2FA methods for miniOrange dashboard. Click Here for the Guide
  • To configure 2FA methods for end-users Click here.

6.2: Enable 2FA for Users of osTicket application.

  • To enable 2FA for Users of osTicket application. Go to Policies >> App Authentication Policy
  • Click on Edit against the configured application
  • Two factor-authentication for osTicket | Two Factor Authentication configure 2fa of application

  • Enable the Enable 2-Factor Authentication (MFA) option.
  • Two factor-authentication for osTicket | Two Factor Authentication enable 2fa

  • Click on Save.

For Further Details:

https://www.miniorange.com/two-factor-authentication-(2fa)
See our Single Sign On features.

We offer Security Solutions of Single Sign-On, Two Factor Authentication, Fraud Prevention and much more.

Please call us at +1978 658 9387 (US), +91 77966 99612 (India) or email us at info@xecurify.com