This guide gives a brief overview of setting up Windows Integrated Authentication for cloud applications.
The miniOrange Single Sign-On (SSO) server lets you log in to your applications without re-entering your credentials once you have authenticated to the Windows domain by logging in to a system joined to the Active Directory domain. miniOrange achieves this by installing a component on a Windows Server joined to the Active Directory (AD) domain that acts as a SAML 2.0 Identity Provider. When a user tries to access a cloud application such as Salesforce, the request is sent to the miniOrange SSO server, which forwards it to the on-premise miniOrange SAML module installed on the Windows machine. The module determines which user is logged in, and the SSO server performs SSO based on the module's response.
Register the HTTP service principal name (SPN) for the Windows Server's FQDN on the domain service account the module runs as (`setspn -S` checks for an existing duplicate SPN before adding it); the general form is followed by an example:

```
setspn -S HTTP/##Server FQDN## ##Domain Service Account##
setspn -S HTTP/server.contoso.com CONTOSO\iwauser
```
| Parameter | Description |
|---|---|
| `$this->ldap_server_url` | Full URL of your LDAP server, including the port |
| `$this->ldap_bind_account_dn` | Distinguished Name of your LDAP service account |
| `$this->ldap_bind_account_password` | Password of your LDAP service account |
| `$this->search_base` | Search base in which to look for users |
| `$this->user_attributes` | List of attributes that you want to fetch from AD and send in the response |
For example, if the branding set in your miniOrange account is iwatest, with customer ID 123456, then the value of this parameter will be:
| Parameter | Value |
|---|---|
| Issuer | Hostname of the Windows Server, for example https://server.contoso.com |
| IDP Entity ID | As set in the previous section under Issuer |
| SAML SSO Login URL | Of the format |
For example, if the FQDN of your Windows Server is server.contoso.com, then the value of this parameter will be:
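As an added example (not part of the miniOrange documentation or product), a small Python check over the settings this guide lists: it flags a weak set of the LDAP parameters (plaintext `ldap://`, a `DOMAIN\user` bind account instead of a DN, an empty bind password, credential attributes in `user_attributes`) beside a corrected set, and verifies that the HTTP SPN registered with `setspn` matches the Issuer hostname, because the browser requests a Kerberos ticket for `HTTP/<host>` of the URL it visits. The dictionary keys, hostnames and values are constructed assumptions, not the module's real settings or defaults.

```python
import re
from urllib.parse import urlparse

# Constructed sample settings (not miniOrange's own defaults) keyed by the
# parameter names listed in the guide.
WEAK_CONFIG = {
    "ldap_server_url": "ldap://dc01.contoso.com:389",          # plaintext LDAP
    "ldap_bind_account_dn": "CONTOSO\\svc_ldap",               # not a DN
    "ldap_bind_account_password": "",                          # empty
    "search_base": "DC=contoso,DC=com",
    "user_attributes": ["sAMAccountName", "mail", "unicodePwd"],
}
HARDENED_CONFIG = {
    "ldap_server_url": "ldaps://dc01.contoso.com:636",
    "ldap_bind_account_dn": "CN=svc_ldap,OU=Service Accounts,DC=contoso,DC=com",
    "ldap_bind_account_password": "<loaded from a secret store>",  # placeholder
    "search_base": "OU=Users,DC=contoso,DC=com",
    "user_attributes": ["sAMAccountName", "mail", "displayName"],
}

DN_RE = re.compile(r"^[A-Za-z]+=[^,]+(?:,[A-Za-z]+=[^,]+)*$")
SENSITIVE_ATTRS = {"unicodepwd", "userpassword", "ntpwdhistory", "lmpwdhistory"}


def check_ldap_config(cfg):
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    url = urlparse(cfg["ldap_server_url"])
    if url.scheme != "ldaps":
        findings.append("ldap_server_url: a simple bind over ldap:// sends the "
                        "service-account password in clear; use ldaps://")
    if url.port is None:
        findings.append("ldap_server_url: port is missing")
    if not DN_RE.match(cfg["ldap_bind_account_dn"]):
        findings.append("ldap_bind_account_dn: must be a distinguished name, not DOMAIN\\user")
    if not cfg["ldap_bind_account_password"]:
        findings.append("ldap_bind_account_password: an empty password is an unauthenticated bind")
    if not DN_RE.match(cfg["search_base"]):
        findings.append("search_base: must be a distinguished name")
    leaked = [a for a in cfg["user_attributes"] if a.lower() in SENSITIVE_ATTRS]
    if leaked:
        findings.append("user_attributes: never forward credential attributes: " + ", ".join(leaked))
    return findings


def spn_matches_issuer(spn, issuer_url):
    """The SPN host must equal the Issuer hostname: the browser asks the KDC for
    a ticket for HTTP/<host of the URL it visits>."""
    host = urlparse(issuer_url).hostname or ""
    return spn.lower() == f"http/{host.lower()}"
```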