Enable Single Sign-On into your application with your existing SAML 2.0 compliant Identity Provider. This would provider user the capability of login into his application using his SAML IdP credentials. This is done using JSON Web Token (JWT) tokens and it can be easily integrated with your application built in any framework or language. In case you need our help with below integration or sample code for JWT for your language, feel free to reach out at idpsupport@xecurify.com

Pre-requisites

• SAML 2.0 supported Identity Provider (In case you don't have IdP, you can use miniOrange as an Identity Provider).
• Customizations support in your applications to integrate SSO changes below.

Follow the simple Step-by-Step Guide given below for SSO into your application using SAML IdP :

Connect SAML IDP to miniOrange

A] Configure your Identity Provider settings in miniOrange:

• Go to miniOrange Admin Console.
• From the left navigation bar select Identity Provider.

• Select SAML tab then Click on Import IDP metadata.



• Enter IDP name and download the SAML Metatda file from your IdP.
• Click on Import and browse the downloaded file.
• If you don't have metadata file, you can also provide the details manually. You need to configure following endpoints:

IDP Entity ID	Entity ID of IDP
Single Login URL	Login Url from IDP
Single Logout URL	Logout Url from IDP
X.509 Certificate	The public key certificate of your IDP.

• Few other optional features that can be configured to the Identity Provider (IDP) are listed in the table below:

Domain Mapping	Can be used to redirect specific domain user to specific IDP
Show IdP to Users	Enable this if you want to show this IDP to all users during Login
Send Configured Attributes	Enabling this would allow you to add attributes to be sent from IDP

• Click on Save.

B] Configure miniOrange settings in your Identity Provider:

• For Basic SAML configuration you need to get the Entity ID, ACS URL Validator, ACS URL and Single Logout URL from miniOrange.
• Go to miniOrange Dashboard and click on Identity Providers section then click on SAML idp that you have configured.
• Now click on the Metadata from select dropdown to get miniorange metadata as shown in Screen below.



• For SP -INITIATED SSO section Select Show Metadata Details.

• Enter the values in the SAML configuration as shown in below table.

Audience (EntityID)	Entity ID or Issuer
ACS (Consumer) URL Validator	ACS URL
Single Logout URL	Single Logout URL
Sign on URL (optional required during IDP-initiated SSO)	Show SSO Link from Step 2

2. Setup you Application with miniOrange

1. Configure Your application in miniOrange

• Login to miniOrange Admin Console.
• Go to Apps and click on Add Application button.

• In JWT App click on Create App.
• In the Add Apps , click on JWT app and enter the values and click on Save.


Custom Application Name	Choose an appropriate name according to your choice.
Description	Add appropriate description according to your choice.
Redirect-URL	Endpoint of your application, which will receive the JSON Web token and process it.
Group Name	Default.
Policy Name	Add policy name according to your Preference.
Login Method	Password.

• In case you are setting up SSO with Mobile Applications where you can't create an endpoint for Redirect or Callback URL, use below URL.
  https://login.xecurify.com/moas/jwt/mobile
• Go to Edit against your configured app, Apps>>Select your app>>Edit.


• Now, You can access you application Using IDP credentials through the Single-sign-on URL

3. Test Connection

A] Perform Login

• On accessing the Single sign-On URL as mentioned in the above step, you will be asked to enter your SAML IdP credentials.

• On entering the valid credentials, you will be successfully logged into Application.

Additional Resources

• https://idp.miniorange.com/login-with-external-idp
• https://www.miniorange.com/integrations

If you are looking for anything which you cannot find, please drop us an email on idpsupport@xecurify.com.