- Log in to the miniOrange Admin Console.
- Go to Apps > Add Application button.
- In Choose Application Type, click the Create App button under the SAML/WS-FED application type.
- In the next step, search for your application in the list. If your application is not listed, search for “custom” and set it up via Custom SAML App.
- In the Basic Settings tab, import the SP metadata by clicking on the Import SP metadata button.
- Enter an app name of your choice, then click File if you have a metadata file or URL if you have the application’s metadata URL. Both can be obtained from your application.
- After choosing the appropriate option click on Import.
- Enable Sign Response to sign the whole SAML response sent from the IdP to the SP, and enable Sign Assertion to sign only the assertion inside the SAML response.
- Single Logout URL – the URL where the logout request is consumed and where your users are redirected after single logout from the application.
- Click Next, to go to the Attribute Mapping page. Here you can add and configure the attributes to be sent to the app.
- In Login policy, choose the specific group of users from the dropdown for which you want to enable the policy. Provide a policy name, then enable either 2 Factor Authentication (MFA) or Adaptive Authentication.
- In Advanced settings, you can configure the following settings:

| Setting | Description |
|---|---|
| Relay State | Enter the URL to which the user is redirected after signing in to the application. |
| Override Relay State | Enable this to override the default relay state of the SP. |
| Show On End User Dashboard | Disable this if you do not want the app to be visible to all users on the end-user dashboard. |
| Signed Request | Enable this if the request sent by the SP to the IdP is signed. Provide the X509 certificate or upload the certificate. |
| Signature Algorithm | Select the algorithm used to sign the SAML request/response. |
| Encrypt Assertion | Select this to encrypt the assertion in the SAML response, and provide the algorithm and certificate used for encryption. |
| SAML Authentication Validity Period | The time for which the authentication is considered valid and the user can perform SSO. After it expires, the user has to sign in again. |
| Add Name Format | Enable this to choose a custom name format based on the SP. |
| Name Format | Select the format supported by the SP. |
| Identity Source | Select the identity source against which authentication should happen. All configured sources are listed. |
| Force Authentication | Enable this to enforce authentication on each request to access the application. |
| Logout Response Binding | Binding for the Logout Response sent in reply to a Logout Request from the SP. It can be sent by either an Identity Provider or a Service Provider. |
| IdP Initiated Logout Request Binding | Binding used when logout is initiated from the IdP dashboard: a Logout Request is sent and a Logout Response is returned in reply. It can be sent by either an Identity Provider or a Service Provider. |
- Click on Save.
- Your application is saved successfully. Now click on the Select button against your newly created application. Go to Metadata.
- On the Metadata page, click Show Metadata Details and choose one of the two Metadata options:
- If you want to use miniOrange as a User Store, i.e. your user identities are stored in miniOrange, download the metadata file under the heading ‘INFORMATION REQUIRED TO SET MINIORANGE AS IDP’.
- If you want to authenticate your users via an external Identity Provider such as Active Directory, Okta, OneLogin, etc., download the metadata file under the heading ‘INFORMATION REQUIRED TO AUTHENTICATE VIA EXTERNAL IDPS’.
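As an added illustration of the Import SP metadata step and the Sign Assertion / Signed Request settings above (example code, not miniOrange's own), the script below parses an SP metadata document and derives the settings the SP is asking the IdP for. The metadata, entity ID, URLs and element handling are a constructed sample and assumptions; it flags the case where the SP declares that it signs requests but publishes no signing certificate, so the certificate must be uploaded manually.

```python
import xml.etree.ElementTree as ET  # for metadata from an untrusted source, defusedxml.ElementTree is the safer drop-in

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata: entity ID and URLs are placeholders, not a real application's.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/saml/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def _xml_bool(value):
    return (value or "false").strip().lower() == "true"

def derive_idp_settings(metadata_xml):
    """Map SP metadata onto the app settings this guide describes; 'warnings' lists what needs manual input."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("not SP metadata: no SPSSODescriptor element")
    acs_nodes = [e for e in sp.findall("md:AssertionConsumerService", NS) if e.get("Binding") == HTTP_POST]
    if not acs_nodes:
        raise ValueError("SP exposes no HTTP-POST AssertionConsumerService")
    # Prefer the ACS the SP marks as default; otherwise the first POST endpoint listed.
    acs = next((e for e in acs_nodes if _xml_bool(e.get("isDefault"))), acs_nodes[0])
    slo = sp.find("md:SingleLogoutService", NS)
    # A KeyDescriptor without a 'use' attribute covers both signing and encryption.
    signing_certs = [c.text.strip() for k in sp.findall("md:KeyDescriptor", NS)
                     if k.get("use") in (None, "signing")
                     for c in k.findall(".//ds:X509Certificate", NS) if c.text]
    settings = {
        "entity_id": root.get("entityID"),
        "acs_url": acs.get("Location"),
        "single_logout_url": slo.get("Location") if slo is not None else None,
        "sign_assertion": _xml_bool(sp.get("WantAssertionsSigned")),  # Sign Assertion toggle
        "signed_request": _xml_bool(sp.get("AuthnRequestsSigned")),   # Signed Request toggle
        "name_formats": [n.text.strip() for n in sp.findall("md:NameIDFormat", NS) if n.text],
        "warnings": [],
    }
    if settings["signed_request"] and not signing_certs:
        settings["warnings"].append("SP signs its requests but publishes no signing certificate: upload its X509 certificate under Signed Request")
    return settings
```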