miniOrange provides secure access to workplace for enterprises and full control over access of workplace application, Single Sign On (SSO) into your workplace Account with one set of login credentials.

• Single Sign On

  miniOrange Single Sign On (SSO) Solution provides easy and seamless access to all enterprise resources with one set of credentials. miniOrange provides Single Sign On (SSO) to any type of devices or applications whether they are in the cloud or on-premise.

• Strong Authentication

  Secure your workplace app from password thefts using multi factor authentication methods with 15+ authentication types provided by miniOrange. Our multi factor authentication methods prevent unauthorized users from accessing information and resources having password alone as authentication factor. Enabling second factor authentication for workplace protects you against password thefts.

• Fraud Prevention

  miniOrange prevents frauds with its dynamic risk engine in conjunction with enterprise specific security policy. We support a combination of the Device Id, Location and Time of access as multi-factor authentication that can detect and block fraud in real-time, without any interaction with the user.

miniOrange supports both IdP (Identity Provider) and SP (Service Provider) initiated Single Sign On (SSO)

• IdP Initiated Single Sign On (SSO)

  In IdP Initiated Login, SAML request is initiated from miniOrange IdP.

• Enduser first authenticates through miniOrange Idp by login in to miniOrange Self Service Console.
• The Enduser will be redirected to their workplace account by clicking the workplace icon on the Enduser Dashboard - there is no need to login again.

• SP Initiated Single Sign On (SSO)

  In SP Initiated Login, SAML request is initiated by workplace.

• An Enduser tries to access their workplace Account by going to domain
• They will be redirected to miniOrange Self Service Console.
• Here they can enter the miniOrange login credentials and login to their workplace Account.

Follow the Step-by-Step Guide given below for workplace Single Sign On (SSO).

Step 1: Configure Single Sign On (SSO) Settings for workplace

• Login as a customer from Admin Console of miniOrange's Administrator Console, now go to Apps Tab from menu and click Configure Apps.
• Select the Application Name workplace(SAML) App from the drop down menu.




• Make sure the SP Entity ID or Issuer is in the format: https://www.facebook.com/company/[your-company-id].
• Make sure the ACS URL is in the format: [https://your-company-name].facebook.com/work/saml.php.
• It is not compulsory to insert any URL in Single Logout URL section.
• Relay State section could be kept empty.
• Leave the Attributes section empty.
• Click on Save to configure workplace.
• Click on Download Certificate link to download the certificate which will be required later.

---

Step 2: Create a policy for workplace

• Now go to Policies Tab from the menu and select App Authentication Policy.
• Add a new policy for workplace.
1. Select workplace from Application dropdown.
2. Select a Group Name from dropdown - the group for which you want to add workplace policy.
3. Give a policy name for workplace in Policy Name field.
4. Select the First Factor Type for authentication.
5. Enable Second Factor for authentication if required.
6. Click on Save button to add policy for workplace Single Sign On (SSO).





• Now click on Onboard users into our system from View Policy Tab.

---

Step 3: Onboard users into our system

• Download sample csv format from our console and create a CSV file containing your users in this format.




• Upload your CSV in our console via Bulk Upload.
• After uploading the CSV file successfully, you will see a success message.
• From Users/Groups menu, select Manage Users/Groups and go to On Boarding Status. Select users to send activation mail and click on send activation mail. An activation mail will be sent to the selected users.

---

Step 4: Register users into our system (End Users)

• Sign In to your mail and click on registration link that is valid only for 5 days. You will be redirected to our registration page.
• Configure your basic details.




• Configure any strong authentication method.




• Configure KBA (Security Questions) as your fallback method, in case you lost your phone this will get invoked and save your details.




• After successful registration, you will see a registration successful message.

---

Step 5: Setup Single Sign On for your domain in workplace

• In the Company Dashboard, go to the Authentication tab.
• Under SAML Authentication, select SSO Only from the drop-down list.
• Input the values of miniorange IdP into the corresponding fields as given below:




• Enter SAML URL:   https://auth.miniorange.com/moas/idp/samlsso
• Enter SAML Issuer URL:  https://auth.miniorange.com/moas
• Enter SAML Certificate: You may need to open up the downloaded certificate in a text editor in order to copy/paste this into the field
• Depending on miniorange IdP, you may need to enter the Audience URL:(not compulsory), Recipient URL:(not compulsory) and ACS (Assertion Consumer Service) URL listed under the SAML Configuration section in workplace.
• Scroll to the bottom of the section and click the Test SSO button. This will result in a pop-up window appearing with miniOrange IdP login page presented. Enter your credentials in as normal to authenticate.
  Troubleshooting: Ensure the email address being returned back from miniorange IdP is the same as the Workplace account you are logged in with.
• Once the test has been completed successfully, scroll to the bottom of the page and click the Save button.




• All users using workplace will now be presented with miniOrange IdP login page for authentication.

---

Step 6: Now sign in to your workplace account with miniOrange IdP by either of the two steps:

1. Using SP initiated login :-

1. Go to https://[your-company-name].facebook.com, enter your Email Address and click on Login. Now you will be redirected to miniOrange IdP Sign On Page.




2. Enter your miniOrange login credential and click on Login. You will be automatically logged in to your workplace account.



2. Using IdP initiated login :-

1. Login to your miniOrange Self Service Console as an End User and click on the workplace icon on your Dashboard.

For further details refer :
https://developers.facebook.com/docs/workplace/authentication/sso#workplaceconfiguration

Business trial for free

If you don't find what you are looking for, please contact us at info@miniorange.com or call us at +1 978 658 9387 to find an answer to your question about workplace Single Sign On (SSO).