Setup Single Sign On for OAuth Apps


miniOrange supports Single Sign-On (SSO) into your apps so that admins and users can log in securely. miniOrange supports several different protocols for your applications, such as SAML, WS-FED, OAuth, OIDC, JWT, RADIUS, etc. With Single Sign-On, users can use one set of credentials to log in to multiple applications. This improves security, as it reduces avenues for phishing attacks, and also improves access to your application.

OAuth (Open Authorization) is an open standard for token-based authentication and authorization. OAuth allows an end-user's account information to be used by third-party services, such as Facebook, without exposing the user's password. It acts as an intermediary on behalf of the end-user, providing the service with an access token that authorizes specific account information to be shared. miniOrange provides a solution to perform single sign-on (SSO) for applications that support the OAuth protocol, like Salesforce, WordPress, Joomla, Atlassian, Azure AD, Reddit, Spotify, PayPal, WHMCS, Slack, Discord, etc.

Configure Single Sign-On (SSO) Settings for OAuth Apps:

  • Log in to the Admin Console.
  • Go to Apps >> Add Application.

  • Under the OAuth/OIDC tab, click on the Create App button.

  • Search for the OAuth2/OpenID Connect app and click on it.

  • You can add any OAuth client app here to enable miniOrange as the OAuth Server. A few popular OAuth client apps for single sign-on are Salesforce, WordPress, Joomla, Atlassian, etc.
  • Enter the Client Name. Make sure the Redirect-URL is in this format: https://<mycompany.domain-name.com>.
  • Add a Description if required. You can also configure the Access/JWT/Refresh token expiry time.

  • Give a policy name for Custom App in Login Policy.
  • Select a Group Name from the dropdown – the group which should have access to the OAuth SSO using this app.
  • Select the Login Method Type for authentication like Password, Mobile, etc.
  • Enable 2 Factor authentication (MFA) if required.
  • Click on the Save button.

You can edit the application using the following steps:

  • Log in as a customer from the Admin Console.
  • To configure OAuth Endpoints, go to Apps. From the list of configured apps, locate the app you created. Click on the Select >> OAuth Endpoints option next to that app.

    OR

  • You can click on the Select >> Edit option next to that app. When you select Click here, the OAuth Endpoints will appear.

  • Provide the required settings:
    Application Name              Enter Application Name
    Client Name                   Enter Client Name
    Redirect URI                  https://<mycompany.domainname.com>/<customerid>
    Client ID                     Enter Client ID
    OAuth Token Authorize URL     https://<mycompany.domainname.com>/moas/idp/openidsso
                                    Use this endpoint only if you want to use miniOrange as the OAuth identity server.
                                  https://<mycompany.domainname.com>/<customerid>
                                    Use this endpoint only if you are configuring any Identity Provider in the Identity Providers menu and are not using miniOrange as the IDP.
    OAuth Token Endpoint URL      https://<mycompany.domainname.com>/moas/rest/oauth/token
    OAuth User Info Endpoint URL  https://<mycompany.domainname.com>/moas/rest/oauth/getuserinfo
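
How an OAuth client app can use the Redirect URI and the Authorize URL from the settings above, as an added example that is not miniOrange's own code: it checks a redirect URI before registration, builds the authorization request with a per-login state value, and validates the callback. It assumes the standard authorization-code grant with RFC 6749 parameter names; the host, the `openid` scope and all function names are placeholders chosen for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder host (assumption); the path is the authorize endpoint from the settings.
AUTHORIZE_URL = "https://mycompany.example.com/moas/idp/openidsso"


def redirect_uri_problems(uri):
    """List reasons a redirect URI should not be registered as-is."""
    p = urlsplit(uri)
    checks = [
        (p.scheme != "https", "scheme is not https"),
        (not p.hostname, "no host"),
        ("*" in uri, "wildcard present"),
        (bool(p.fragment), "fragment present"),
        (bool(p.username or p.password), "userinfo present"),
    ]
    return [msg for failed, msg in checks if failed]


def build_authorization_request(client_id, redirect_uri, scope="openid"):
    """Return (url, state); the caller stores state in the user's session."""
    if redirect_uri_problems(redirect_uri):
        raise ValueError("unsafe redirect URI")
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope,
                       "state": state})
    return AUTHORIZE_URL + "?" + query, state


def handle_callback(callback_url, registered_redirect_uri, expected_state):
    """Validate the redirect back to the client and return the code."""
    p = urlsplit(callback_url)
    # Exact match on scheme, host and path; no prefix or substring matching.
    if f"{p.scheme}://{p.netloc}{p.path}" != registered_redirect_uri:
        raise ValueError("callback does not match registered redirect URI")
    params = parse_qs(p.query)
    if "error" in params:
        raise ValueError("authorization error: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code
```

The code returned by `handle_callback` is what the client then exchanges at the OAuth Token Endpoint URL, server to server, using the same redirect URI.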