The University of Aruba (UA) is a modern university offering higher education, research, and social services to Aruba and the surrounding regions. University Centers strive to contribute to the academic discussion, participate in the sustainable development of Aruba. Providing these services is a critical part of UA’s mission to give back to the Aruban community.
miniOrange provides a Windows Single Sign On solution for the University of Aruba which allows students and staff to SSO into their day-to-day applications in or off the university premises. When students authenticate themselves into the Windows domain/laptop once, they will be able to login to the configured applications (say GSuite for example) without re-entering their credentials & authenticating with their AD again.
How miniOrange Single Sign On service works for University of Aruba?
miniOrange has achieved this solution by, installing a component on the Windows Server that acts as an Identity Provider and performs Kerberos authentication. When a staff or student tries to access a cloud application like GSuite (Google Apps), the request is sent to the miniOrange SSO Server. The miniOrange SSO Server, in turn, asks the miniOrange Identity Provider module installed in the Windows machine if a user is logged into the machine, and performs SSO based on the response from the module.
For those accessing applications from outside the university network, when miniOrange Identity Provider module finds that the student or staff is not logged in, they are prompted to enter AD credentials and miniOrange SSO Server performs SSO based on this authentication.
This solution involves 3 steps basically –
- Enabling Windows/Kerberos Authentication on Domain.
- Installing the miniOrange SAML module in Windows and configuring it with the miniOrange SSO server and adding the miniOrange SAML module ( installed on the Windows Machine ) as an Identity Source in the miniOrange SSO server.
- Connecting cloud applications to miniOrange SSO server.
To reduce syncing tasks for administrators, miniOrange also has deployed a Directory Sync tool in the DMZ of the university which syncs the users from Active Directory (AD) to miniOrange, and if the user changes their password from the miniOrange Console, it will be updated in the AD as well.