IDP Global Settings

Overview

This section lists all the IDP/Product Global Settings and configurations available to a customer for customization.

Product Settings

Log in to the miniOrange admin console, navigate to the Settings icon in the top right corner of the header, and click the Product Settings icon to view and enable any global settings.

Server Settings (Only For On-premise)

You can change the domain URL where the On-Premise version of the IdP is hosted.

The following settings/configurations apply to both On-premise and Cloud:

Account Details:

When you create an account with us, these 3 keys are generated for your account. They are required for any API calls for user operations, 2FA integration using APIs, etc.:

  1. Customer Key
  2. Customer API Key
  3. Customer Token Key

Download the Account info from the Download icon beside the Account Details. This will be required to assign the Paid License to your account.

CLICK HERE for miniOrange API Documentation

Add User Preferences / User Login Preferences:

The following options are available in the Add User Preferences section for adding users from the admin console or for self-user registration workflows:
  • Enable sending Welcome Emails after user registration - On enabling this option, all users will receive a welcome email from miniOrange at their registered email IDs after successful registration.
  • Enable sending activation email with password reset link after user registration - On enabling this option, an activation email along with a link to reset the password will be sent to all newly registered users. The user account will be activated only after following the process at the received link.
  • Enable Inline Registration for users - With this option enabled, a user who is not present in miniOrange will be asked to register when they try to Single Sign-on into any application. The user will be registered in miniOrange.
  • Enable User Auto-Registration (A CSV list with passwords for all the uploaded users will be made available to you) - With this option enabled, if you have not provided passwords for the users while uploading them, a password is generated automatically and assigned to each user, and the users are registered. You can get a CSV list of all these users with their generated passwords.

The following options are available in the User Login Preferences section:

  • Prevent Concurrent Logins - On enabling this option, a user will be able to log in to the application or IdP from only one device at a time. Multiple logins from different devices will not be allowed.
  • Force Users to change the password on first login - On enabling this option, a newly created user is forced to change the password when logging in for the first time.
  • Force 2FA on each login attempt - On enabling this option, the user is prompted for their configured 2FA method on each login attempt.
  • Force Captcha on Login - On enabling this option, the user must complete the captcha when trying to log in. Only then will the user be able to log in.
  • Enable login with phone number - On enabling this option, the user can log in using their phone number instead of the username. Note - The users should have unique phone numbers.
  • Enable shared user login for users - On enabling this option, you can give one set of credentials to multiple users or a group of users, and they can log in to the application using the same credentials.
  • Set Maximum Login Attempts allowed - This is the number of unsuccessful login attempts allowed to a user before the user is disabled.
  • Disable User login Time Period - The disabled user will be allowed to attempt login again to the IdP or their configured applications after this time period.
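
How the last two settings in this list interact, as an added example that is not miniOrange code: it replays login events under a given Maximum Login Attempts and Disable User login Time Period, and bounds how many password guesses per account the policy admits in a day. The counting and reset rules, the user name alice and the timestamps are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

def replay_lockout(events, max_attempts, disable_minutes):
    """Replay (time, user, password_ok) events; return one verdict per event.

    Assumed model, not taken from miniOrange: failures are counted per user,
    a successful login resets the count, the attempt that reaches
    max_attempts disables the user, and the count restarts once the
    disable period has elapsed.
    """
    failures, disabled_until, verdicts = {}, {}, []
    for ts, user, password_ok in events:
        until = disabled_until.get(user)
        if until is not None and ts < until:
            verdicts.append("rejected: user disabled")
            continue
        if until is not None:          # disable period is over
            del disabled_until[user]
            failures[user] = 0
        if password_ok:
            failures[user] = 0
            verdicts.append("ok")
            continue
        failures[user] = failures.get(user, 0) + 1
        if failures[user] >= max_attempts:
            disabled_until[user] = ts + timedelta(minutes=disable_minutes)
            verdicts.append("failed: user disabled")
        else:
            verdicts.append("failed")
    return verdicts

def guesses_admitted_per_day(max_attempts, disable_minutes):
    """Upper bound on evaluated password guesses per account in 24 hours."""
    bursts = (24 * 60 - 1) // disable_minutes + 1
    return bursts * max_attempts

# Constructed sample events for a hypothetical user "alice".
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [
    (T0, "alice", False),
    (T0 + timedelta(minutes=1), "alice", False),
    (T0 + timedelta(minutes=2), "alice", False),   # third failure
    (T0 + timedelta(minutes=3), "alice", True),    # correct password, still refused
    (T0 + timedelta(minutes=32), "alice", True),   # disable period elapsed
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay_lockout(SAMPLE, 3, 30)):
        print(event[0].time(), event[1], verdict)
    print(guesses_admitted_per_day(3, 30), "guesses/day with 3 attempts, 30 min")
```
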

User Self-Registration Workflow:

You can also customize the user sign-up workflow. The following options can be enabled for self user-registration/signup:
  • Allow Users to Register - With this option enabled, users can register themselves. These users will be stored in the miniOrange IdP and can then SSO into the configured apps.
  • Redirect user to SSO app after registration – By default, after signup a user sees a default page with a thank-you-for-registering message and a link to the login page. With this option enabled, if a user first initiated an SSO request from their application and then clicked the create account link because they had no account, then after successful registration they will be redirected to their app and logged in as the newly created user.
  • Verify User via OTP on phone after registration – You can enable this option to add a verification step before registration completes, verifying the user via a valid phone number.
  • Verify User via OTP on email after registration – You can enable this option to add a verification step before registration completes, verifying the user via a valid email ID.
  • Provision User to Third-Party App before registration – In some cases a customer has a CRM/AD or another user data store where all users are created first or must always be maintained. In that case, you can enable this option to first create the user in your existing data store and then create the user in the IDP using the unique identifier/username generated by the CRM.

User Re-Verification Settings:

Enabling this option will force users to re-verify themselves periodically. You can manage when users are notified about the re-verification and the time period during which users can re-verify themselves, after which their account is disabled.

You can also configure the following:

  • Re-verify users every (months) - You can specify the number of months after which re-verification should be invoked.
  • Notify Users of re-verification before (days) - You can specify the number of days before which users should be notified about re-verification.
  • Re-verification Period (days) - You can specify the number of days after which re-verification should be invoked.

Security Questions / One time Passcode Settings:

You can also customize settings for Security Questions and the One Time Passcode (OTP). The following options can be enabled:

    Security Questions Settings

  • Security Question Limit - The number of security questions a user has to fill during registration. 
  • No. of Question to Verify – Out of the total number of security questions, the number of questions that should be verified for authorization.
  • Enable End Users to change their Questions – You can enable/disable the permission for users to update or change the security questions.

    One Time Passcode (OTP) settings

  • OTP Length - The total number of digits in the passcode.
  • OTP Validity (In mins) – The time for which the OTP stays valid. After this time period, the current OTP will no longer work and you will have to request a new OTP.

User Dashboard Settings:

  • Enable 2FA methods quick test for End Users - By enabling this feature, user can perform quick tests for his configured 2FA method. 
  • Enable End Users to add applications - By enabling this option, the end users can add and configure any application for Single Sign-on. The application will be configured for the specific user only.

IDP initiated Single Logout Configuration

  • Checking this option will enable Single Logout of all SP apps configured with miniOrange as an IdP and the apps that are logged in with miniOrange. This only works for the SP Apps that support IdP initiated logout. 

Discovery flow Configuration

  • Show IDP's Based On User Groups - Checking this option will display all the configured IDPs based on user groups. Users can choose which IDP should authenticate them.

Device Profiles Expiry Time

  • Device profile expiry is the time after which your registered device gets unregistered so that you can register new devices. 

Multi Language Support:

  • Enable Internationalization - Checking this option will enable a dropdown for end users to choose their language on the Login page and the UserSignUp page. Enabling this option also allows email templates and custom attributes in different languages.
  • Customer Preferred Language - Select the preferred language from the dropdown. miniOrange supports English, German, Spanish, Italian, and Portuguese. English is the default language.

Override default IDP session time out

  • Enable Session Time out - Default IDP session time out is 90 minutes. Enabling this option will override default IDP session timeout and will enable custom session time out for users. 

Other Custom Options

  • You can enter the domains which you want to exclude from User provisioning.

Enable Logging: (Only For On-premise)

You can set the logging level of the product. The default logging level is ALL. You can change the logging level to any of the following options:
  1. ALL
  2. TRACE
  3. DEBUG
  4. INFO
  5. WARN
  6. ERROR
  7. FATAL
  8. OFF
It is recommended to change it to ERROR for production environments for best performance. Once you save the logging level, there is no need to restart the server for the change to take effect, but you should not perform this operation very frequently.

Note: Any changes you make here are not persisted across server restarts. You will need to edit 'WEB-INF/classes/log4j.properties' to change levels permanently.

Security Settings

You can enable iframe embedding from here. By enabling this option, your organization can embed miniOrange in an iframe in any of your applications and access miniOrange from there.
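
A check to run after changing this setting, as an added example that is not miniOrange code: it classifies who may embed a response from its headers. The page does not say which headers the product sends, so this assumes the standard browser controls (CSP frame-ancestors and X-Frame-Options); the sample headers and portal.example.com are constructed.

```python
def framing_policy(headers):
    """Return (verdict, sources) describing who may embed the response.

    CSP frame-ancestors is checked first because browsers that support it
    ignore X-Frame-Options when both are present.
    """
    h = {name.lower(): value for name, value in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if not tokens or tokens[0].lower() != "frame-ancestors":
            continue
        sources = tokens[1:]
        if "*" in sources:
            return ("any-origin", sources)
        if not sources or sources == ["'none'"]:
            return ("no-framing", [])
        if sources == ["'self'"]:
            return ("same-origin", sources)
        return ("allow-list", sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return ("no-framing", [])
    if xfo == "SAMEORIGIN":
        return ("same-origin", [])
    # No framing header, or the obsolete ALLOW-FROM that current browsers ignore.
    return ("any-origin", [])

# Constructed response headers, not captured from a miniOrange server.
SAMPLES = {
    "embedding refused": {"X-Frame-Options": "DENY"},
    "embedding limited to listed apps": {
        "Content-Security-Policy":
            "default-src 'self'; frame-ancestors 'self' https://portal.example.com",
        "X-Frame-Options": "DENY",
    },
    "no framing headers": {"Cache-Control": "no-store"},
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, "->", framing_policy(headers))
```

An "any-origin" verdict on the login page means every site can frame it, so compare the verdict against the list of applications that are meant to embed miniOrange.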

