miniOrange supports Single Sign-on into your apps, to securely login for admins and users. miniOrange supports several different protocols for your applications, such as SAML, WS-FED, OAuth, OIDC, JWT, RADIUS, etc. Using Single Sign-on, users can use one set of credentials to login to multiple applications. This improves security, as it reduces avenues for phishing attacks, and also improves access to your application.

OAuth (Open Authorization) is an open standard for token-based authentication and authorization. OAuth allows an end-user's account information to be used by third-party services, such as Facebook, without exposing the user's password. It acts as an intermediary on behalf of the end-user, providing the service with an access token that authorizes specific account information to be shared. miniOrange provides a solution to perform single sign-on(SSO) for applications supporting OAuth protocol, like Salesforce, WordPress, Joomla, Atlassian, Azure AD, Reddit, Spotify, Paypal, WHMCS, Slack, Discord, etc.

 Configure Single Sign-On (SSO) Settings for OAuth Apps:

• Login to the Admin Console.
• Go to Apps >> Add Application.



• Under the OAuth/OIDC tab, click on the Create App button.



• Search the OAuth2/OpenID Connect App and click on the app.



• You can add any OAuth Client app here to enable miniOrange as OAuth Server. Few popular OAuth client apps for single sign-on are Salesforce, WordPress, Joomla, Atlassian, etc.
• Enter the Client Name. Make sure Redirect-URL is in this format https://<mycompany.domain-name.com>.
• Add Description if required. You can also configure the Access/JWT/Refresh token expiry time.



• Give a policy name for Custom App in Login Policy.
• Select a Group Name from the dropdown – the group which should have access to the OAuth SSO using this app.
• Select the Login Method Type for authentication like Password, Mobile, etc.
• Enable 2 Factor authentication (MFA) if required.
• Click on Save button.

 You can edit Application by using the following steps:

• Login as a customer from the Admin Console.
• To configure OAuth Endpoints, go to Apps. From the list of apps configured, locate the app you created. Click on Select >> OAuth Endpoints option present in front of that specific app.




OR

• You can click on Select >> Edit option present in front of that specific app. When you select Click here, OAuth Endpoints will appear.







• Provide the required settings:

  Application Name	Enter Application Name
  Client Name	Enter Client Name
  Redirect URI	https://<mycompany.domainname.com>/<customerid>
  Client ID	Enter Client ID
  OAuth Token Authorize URL	https://<mycompany.domainname.com>/moas/idp/openidsso -Use this enpoint only if you want to use miniorange as oauth identity server. https://<mycompany.domainname.com>/<customerid>-Use this enpoint only if you are configuring any Identity Provider in Identity Providers Menu and not using miniorange as IDP.
  OAuth Token Endpoint URL	https://<mycompany.domainname.com>/moas/rest/oauth/token
  OAuth User Info Endpoint URL	https://<mycompany.domainname.com>/moas/rest/oauth/getuserinfo