Custom Database Connection using miniOrange for Authentication
Custom Database Connection using miniOrange for Authentication
What is authentication using Custom Database Connection?
miniOrange provides the ability for database connection and use it as authentication user store to enable Single Sign-on (SSO), Multi-factor authentication, etc. for your external applications. Here, miniOrange makes custom database work as user store for authentication. Users will login using their custom database credentials only once and have a seamless SSO login into the other applications. We develop connection between miniorange and your database as user store.
What is a custom database and why use miniOrange for authentication?
A custom database can be any DB which you can use for saving user data and other user information for your custom application for authentication or login or any other purposes. miniOrange provides connection support for all the popular custom database, such as MongoDB, MySQL, MS-SQL, Oracle, PostgreSQL, SQL Server, etc.
The highlighting feature for using custom database connection for authentication and login is that you do not have to move your identites to any other place. So all user data is secure in your DB itself.
Enable Single Sign-on, MFA for authentication on your Custom applications or CRM/HRM/CMS/LMS where users are stored in DB and do not support any Single Sign-On protocol inherently like Wordpress, Moodle, Drupal or rather any custom application which is storing the users.
miniOrange provides provisioning for on-the-fly user creation at the time of SSO login and you can import users using JSON / CSV file.
Configure multiple user store for login to your applications with multiple authentication protocol support such as SAML, OAauth, etc. for different user groups based on roles and responsibilities.
Enter the custom Database user store Identifier. It can be any name relevant to the User store.
Select the DB type, we currently support:-
Port Number Default
Database hostname:port (you can check with your administrator for this). For defaults port numbers, refer to defaults given above.
The custom Database name (database-name) is the database in which your users are stored.
Enter the Username and Password of the user which has permissions to access the DB mentioned above.
Enter the Table name, where users are stored for authentication.
Enter the column name for Usernames (which can be Email-address, Unique IDs) and Password respectively.
Add attributes allows us to send attributes from DB to any configured application. You can write a query to fetch the attributes which should be of below format:
For example, We want to fetch FirstName from table users with a where clause and username, the '?' will be replaced by the actual username fetched from the Username column mentioned above. SELECT '##USERNAME##', username FROM USERS WHERE USERNAME=?
Select the Hashing type used for hashing the password. We support the below Hashing types:
For the Attribute Mapping, the attributes from the database can be mapped to custom attribute names when they are sent to the Service Provider (SP).
For eg. If you receive an email from the "Email" attribute from the DB, and need to send it under the "Mail" attribute in the SP, you need to map "Mail" in the left section to "Email" in the right section.
2. Testing database connection
After clicking on save, click on Select-> Test Connection. Enter the login credentials of the user stored in the DB (user store) for testing if the database connection is correctly set up.
3. Configure Your application in miniOrange
Login as a customer from the Admin Console.
Go to Apps >> Add Application
Click on SAML/WS-FED tab. Select the Custom SAML App.
If you can't find your application in the below list, you can submit your app request to add the application as a pre-integrated app.
Once you select the Custom App option, you will find a window similar to :
Either you can Copy-Paste all the attributes of the Service Provider (SP), or you can directly upload an XML file containing relative information.
To upload the file, follow these steps:
Click on Import SP Metadata button.
You will get a popup with following options.
You get the URL for Metadata information from the Service Provider, you can directly add this URL in the input field provided
When you select Text option, you will have to fill all the attributes manually
When you select File option, you can directly upload the XML file containing all the information.
Here is a description of what each field under the Basic Settings section means.
SP Entity ID is used to identify your app against the SAML request received from SP. Make sure the SP Entity ID or Issuer is in this format: https://www.domain-name.com/a/[domain_name]/acs.
ACS URL or Assertion Consumer Service URL defines where the SAML Assertion should be sent after authentication. Make sure the ACS URL is in the format: https://www.domain-name.com/a/[domain_name]/acs.
Audience URI, as the name suggests, specifies the valid audience for SAML Assertion. It is usually the same as SP Entity ID. If Audience URI is not specified separately by SP, leave it blank.
Single Logout URL defines where the user should be redirected after receiving the logout request from SP. You can mention your applications logout page URL here. Make sure the Single Logout URL is in the format: https://mail.domain-name.com/a/out/tld/?logout.
Here is a description of what each field under the Attribute Mapping section means
NameID defines what SP is expecting in the subject element of SAML Assertion. Generally, NameID is Username of Email Address
NameID Format defines the format of subject element content, i.e. NameID.
For example, Email Address NameID Format defines that the NameID is in the form of an email address, specifically “addr-spec”. An addr-spec has the form local-part@domain, has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by “<” and “>”.
If NameID Format is not externally specified by SP, leave it unspecified.
You can Add Attributes to be sent in SAML Assertion to SP. The attributes include user’s profile attributes such as first name, last name, fullname, username, email, custom profile attributes, and user groups, etc.
The Login Policy section on the same window is for adding policy for your app.
Select a Group Name from the dropdown – the group which should have access to the SAML SSO using this app.
Give a policy name for Custom App in Policy Name.
Select the Login Method Type for authentication like Password, Mobile, etc.
Enable 2 Factor/Adaptive for authentication if required.
Click on Save button to add policy for Apps (Single Sign-On).
Configure Service Provider (SP)
From the list of Apps configured, you can locate the app you created, you can see the Select >> Metadata option present in front of that specific app.
Click on the Metadata option, you will get a window similar to:
When you want to set miniorange as an IDP, you have to use the URLs listed under "Information required to set as IDP" heading (as shown in the above image)
When miniorange is used as broker service, you have to use different set of URLs listed under "Information required to Authenticate with External IDPs" heading (as shown in the above image)
If you want to make it quick and easy, click on the Download Metadatabutton to get XML file which you can upload while configuring SP.(Shown in the image below)
Broker Flow/Broker Service
You can use MiniOrange as a broker when you have an external identity source i.e. you have external IdP configured which has all of the information.
When we say external IdP, we mean IdPs like Okta, OneLogin etc.
You can edit Application by using following steps:
Login as a customer from Admin Console.
Go to Apps.
Search for your app and Click on edit in Select menu against your app.
4. User Provisioning with database
Navigate to Provisioning >> Setup Provisioning.
From the Select Application dropdown section, select the Database option.
Enable the provisioning features from the given options.
To import users from the connected database, click on the import users section.
Select Database to import the users from the dropdown options.
Select the custom Database from the drop down menu.
Now go to the Users >> User List and you will find all the users imported from Database.
Need Help? We are right here!
Contact miniOrange Support
Thanks for your inquiry.
If you dont hear from us within 24 hours, please feel free to send a follow up email to email@example.com
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.