This guide gives an overview of how to set up Windows Integrated Authentication for cloud applications.
The miniOrange Single Sign-On (SSO) server lets you log into your application without re-entering your credentials. You first need to have authenticated to the Windows domain, that is, logged into a system joined to an Active Directory domain. miniOrange achieves Windows integrated authentication by installing a component on a Windows Server joined to the Active Directory domain; this component acts as a SAML 2.0 Identity Provider. When a user tries to access a cloud application such as Salesforce, the request is forwarded to the miniOrange SSO Server, which forwards it to the on-premise miniOrange SAML module installed on the Windows authentication machine. SSO is performed based on the response received from that module. This is how Windows authentication is used to achieve Windows integrated security.
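As an added example (not part of this guide or of the miniOrange module), these are the checks the cloud application should apply to the SAML response it receives from the on-premise module: the Issuer must equal the IdP Entity ID configured in the SAML settings (the Windows Server hostname, for example https://server.contoso.com), the assertion must be inside its validity window, and the audience must name this service provider. The sample response and the SP entity ID https://sp.example.com/saml/metadata are constructed values; signature verification is left to the SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values the cloud application (the SAML service provider) is configured with. The issuer is
# the example Windows Server hostname from this guide; the audience is an assumed SP entity ID.
EXPECTED_ISSUER = "https://server.contoso.com"
EXPECTED_AUDIENCE = "https://sp.example.com/saml/metadata"
# Constructed sample, shaped like a response from the on-premise module (signature omitted).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://server.contoso.com</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://server.contoso.com</saml:Issuer>
    <saml:Subject><saml:NameID>iwauser@contoso.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    # SAML timestamps are UTC ISO 8601 with a trailing Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, now_utc, expected_issuer=EXPECTED_ISSUER,
                   expected_audience=EXPECTED_AUDIENCE):
    """Return a list of problems (empty means these checks passed). Signature verification
    is a separate, mandatory step done by the SAML library before anything here is trusted."""
    problems, now = [], _ts(now_utc)
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["response carries no assertion"]
    # Both the Response and the Assertion name an Issuer; each must be the configured IdP.
    for where, node in (("response", root), ("assertion", assertion)):
        issuer = node.findtext("saml:Issuer", namespaces=NS)
        if issuer != expected_issuer:
            problems.append(f"{where} issuer {issuer!r} is not the configured IdP entity ID")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["assertion has no Conditions element"]
    if cond.get("NotBefore") and now < _ts(cond.get("NotBefore")):
        problems.append("assertion is not yet valid")
    if cond.get("NotOnOrAfter") is None or now >= _ts(cond.get("NotOnOrAfter")):
        problems.append("assertion has expired or carries no NotOnOrAfter")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"audience {audiences} does not name this service provider")
    return problems
```

Run `check_response(SAMPLE_RESPONSE, "2024-01-01T12:01:00Z")` to see an empty list; any other issuer, audience or time outside the window produces a list of reasons to reject the response.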
setspn -S HTTP/##Server FQDN## ##Domain Service Account##
setspn -S HTTP/server.contoso.com CONTOSO\iwauser
| Parameter | Description |
|---|---|
| $this->ldap_server_url | Full URL of your LDAP server, including the port |
| $this->ldap_bind_account_dn | Distinguished Name (DN) of your LDAP service account |
| $this->ldap_bind_account_password | Password of your LDAP service account |
| $this->search_base | Search base in which to look for users |
| $this->user_attributes | List of attributes to fetch from AD and send in the response |
For example, if the branding set in your miniOrange account is iwatest, with customer ID 123456, then the value of this parameter will be:
| Parameter | Value |
|---|---|
| Issuer | Hostname of the Windows Server, for example https://server.contoso.com |
| IDP Entity ID | As set in the previous section under Issuer |
| SAML SSO Login URL | Of the format |
For example, if the FQDN of your Windows Server is server.contoso.com, then the value of this parameter will be: