miniOrange supports Single Sign-On for secure login for users and admins. miniOrange supports several different protocols for your applications, such as SAML, WS-FED, OAuth, OIDC, JWT, RADIUS, etc. Using Single Sign-on, users can use one set of credentials to login to multiple applications. This improves security, as it reduces avenues for phishing attacks, and also improves access to your application.

miniOrange provides Single Sign-on for Mobile applications and Javascript framework based applications through JSON Web Token [so, JWT apps]. This solution allows you to setup Single Sign-On(SSO) into your applications which do not support SAML 2.0 standard. You can allow your users to Single Sign-On into your application by verifying Identity with your existing SAML 2.0 compliant Identity Provider. This is done using JSON Web Token (JWT) tokens and it can be easily integrated with your application built in any framework or language. You can add JWT app to enable SSO in any mobile/client-side apps which do not support any standard protocols and built on platforms like React.js, Firebase, Cordova, Angular.js, etc. You can also add Password-Less app links to user portal from here.

 Generate a new JWT App

• Login to your admin dashboard
• Go to Apps >> Add Application

• Click on the JWT icon.

• Select the default JWT App.


Field	Action
API Name	Enter the API Name (i.e. the name for this application), and add a description if required.
Redirect-URL	Enter the Redirect-URL (i.e. the endpoint where you want to send/post your JWT token).
Identity Source	Select the default ID source from the dropdown for the application. If not selected, users will see the default login screen, and can choose their own IDP.
Upload an app logo (Optional)	Upload an app logo (Optional). Set Enable User Mapping as Yes (If you are sending the logged in user from this app in the response.)
Group Name	Select the group for which you wish to add this policy. For multiple groups, you can click here to add multiple/seperate policies for each group.
Policy Name	Default
Login Method	Select login method as Password. You can enable 2-Factor and Adaptive Authentication.


• Click on Save button.

 Configure App credentials

• Click on Edit in the select menu against your app.


Field	Action
Client ID	If your application provides its own client ID, you can configure it by clicking on the Customize button.
App Secret	You can find App Secret by clicking on the icon as shown below.
Signature Algorithm	Select your signature algorithm from the dropdown.
Identity Source	Select the default ID source from the dropdown for the application. If not selected, users will see the default login screen, and can choose their own IDP.
Redirect URL	Given below is your app url where you will receive your token. RSA 256 : <your_app-login-url> (Here token will be added by the system) HS256 : <app-login-url/?id_token=>
Force Authentication	Require the user to re-authenticate if the JWT application requests it.