This guide gives a brief overview of setting up Windows Integrated Authentication for cloud applications.
The miniOrange Single Sign-On (SSO) server lets you log in to your applications without re-entering your credentials once you have authenticated to the Windows domain by logging in to a system joined to the Active Directory domain. miniOrange achieves this by installing a component on a Windows Server joined to the Active Directory (AD) domain; this component acts as a SAML 2.0 Identity Provider. When a user tries to access a cloud application such as Salesforce, the request is sent to the miniOrange SSO server, which forwards it to the on-premise miniOrange SAML module installed on the Windows machine. The module determines which user is logged in, and the SSO server performs SSO based on the module's response. This process involves three steps:
1. Enable Windows Authentication on the Windows machine and configure the SSO applications of interest.
2. Install the miniOrange SAML module on the Windows machine and configure it with the miniOrange SSO server.
3. Add the miniOrange SAML module (installed on the Windows machine) as an Identity Source in the miniOrange SSO server.
7. Click Apply.
8. Open IIS Manager.
9. Select the site which you want to apply Windows Authentication to.
10. Select the application pool used by that site, right-click it and choose Advanced Settings.
11. Choose Custom Account and set the account to the service account for which delegation was enabled; you will also need to enter the service account's password.
12. Navigate to the Authentication section for the website.
13. Enable Windows Authentication and disable Anonymous Authentication.
14. In the Configuration Editor, search for system.webServer/security/authentication/windowsAuthentication.
15. Set useKernelMode to False and useAppPoolCredentials to True.
16. Click Apply.
17. Open Internet Explorer and open Internet Options.
18. Add the FQDN of IIS Server to the list of sites in Local Intranet.
19. Select Custom Level for that security zone. In the list of options, select Automatic Logon only in Intranet Zone.
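The IIS part of this procedure (steps 9 to 15) as a PowerShell script, added here as an example; it is not part of the miniOrange guide, and the site name, application pool name and service account in it are placeholders to replace. It also reads the settings back and lists the account's registered SPNs, which the Kerberos path behind Windows Authentication depends on.

```powershell
# Added example (not part of the miniOrange guide): applies steps 9-15 of the
# procedure above with the IIS WebAdministration module and reads the result
# back. Site name, app pool name and service account are placeholders.
Import-Module WebAdministration

$SiteName   = 'Default Web Site'   # placeholder: IIS site hosting the SAML module
$AppPool    = 'DefaultAppPool'     # placeholder: that site's application pool
$SvcAccount = 'CORP\svc-sso'       # placeholder: service account with delegation enabled
$WinAuth    = 'system.webServer/security/authentication/windowsAuthentication'
$AnonAuth   = 'system.webServer/security/authentication/anonymousAuthentication'

# Steps 10-11: run the application pool as the service account.
# identityType 3 = SpecificUser; the password is prompted for, not stored in the script.
$Secure = Read-Host -AsSecureString "Password for $SvcAccount"
$Bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
$Plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($Bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($Bstr)
Set-ItemProperty "IIS:\AppPools\$AppPool" -Name processModel `
    -Value @{ identityType = 3; userName = $SvcAccount; password = $Plain }
$Plain = $null

# Steps 12-15: Windows Authentication on, Anonymous off, kernel mode off,
# app-pool credentials on. Writing with -Location stores the settings in
# applicationHost.config, so they apply even if the section is locked for web.config.
$Common = @{ PSPath = 'IIS:\'; Location = $SiteName }
Set-WebConfigurationProperty @Common -Filter $WinAuth  -Name enabled               -Value $true
Set-WebConfigurationProperty @Common -Filter $AnonAuth -Name enabled               -Value $false
Set-WebConfigurationProperty @Common -Filter $WinAuth  -Name useKernelMode         -Value $false
Set-WebConfigurationProperty @Common -Filter $WinAuth  -Name useAppPoolCredentials -Value $true

# Read-back check: every value should be True before moving on to the client-side steps.
function Test-SsoSiteAuth {
    param([string]$Site)
    $w = Get-WebConfiguration -PSPath 'IIS:\' -Location $Site -Filter $WinAuth
    $a = Get-WebConfiguration -PSPath 'IIS:\' -Location $Site -Filter $AnonAuth
    [pscustomobject]@{
        WindowsAuthEnabled    = [bool]$w.enabled
        AnonymousAuthDisabled = -not [bool]$a.enabled
        KernelModeOff         = -not [bool]$w.useKernelMode
        AppPoolCredentialsOn  = [bool]$w.useAppPoolCredentials
    }
}
Test-SsoSiteAuth -Site $SiteName | Format-List

# Kerberos only works if the service account holds an HTTP/<FQDN of the IIS server> SPN;
# list what is registered so you can verify this before testing from a browser.
setspn -L $SvcAccount
```

Run it in an elevated PowerShell session on the IIS server; if the SPN listing does not contain HTTP/<FQDN of the IIS server>, browsers will fall back from Kerberos to NTLM or prompt for credentials.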
| Setting | Value |
|---|---|
| ACS URL | Of the format: https://login.xecurify.com/moas/rest/saml/acs/<CustomerID> |
| Issuer | The hostname of the server |
| IdP Entity ID / Issuer | As set in the step above |
| SAML SSO Login URL | Of the format: https://<hostname_of_server>/saml/samlsso.php |
| X.509 Certificate | The SP Certificate in the SAML Module |