User Creation from LDAP user store using miniOrange Broker Service

You can configure any IDP that supports LDAP, such as AD or OpenDS, to single sign-on into apps that do not support SAML or any other federation protocol. Likewise, using our broker service you can also SSO into any app that supports other protocols such as OAuth, OpenID Connect, JWT, etc.

Given below are the steps to configure AD as the IDP and connect it with the miniOrange broker to single sign-on into WordPress using the SAML protocol.

Step 1: Setup AD as User Store Using miniOrange Broker Service

  • Navigate to miniOrange->User Stores->Add User Store->AD/LDAP
  • Directory Type          Active Directory
    LDAP Server URL         Your AD server URL or IP address
    Bind Account DN         Please perform step A
    Bind Account Password   Please perform step B
    Search Bases            Please perform step C
    Search Filter           Please perform step D
  • Step A: Go to AD FS->Domain->respective Users->Properties->Attribute Editor. Now copy the value of distinguishedName and paste it into Bind Account DN. (Screenshot: User Store Bind Account)
  • Step B: Enter the valid password for the user from Step A.
  • Step C: Search Base is the user search location, i.e. where in the directory to search for a user. (Screenshot: User Store Search Base)
  • Step D: If you want to add extra conditions on the user search, you can add them in Search Filter. If you are not sure what to add, use (&(objectClass=*)(cn=?)). (Screenshot: User Store Search Filter)
  • Click on Save. After this, it will show you the list of user stores. Click on Test Configuration to check whether you have entered valid details; it will ask for a username and password. (Screenshot: User Store test) Note: Refer to our document for a step-by-step guide to set up LDAPS on Windows Server.
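The Search Filter from Step D contains a `?` placeholder that is replaced by the login name at authentication time. As an added example (not miniOrange's code), the following shows how that substitution should be done so that characters such as `(`, `)`, `*` or `\` in a login name cannot alter the structure of the filter sent to AD; the `?` convention and the split between an operator-controlled template and an untrusted login name are assumptions of this example.

```python
# Added example, not miniOrange's code. It expands the Step D template
# (&(objectClass=*)(cn=?)) by substituting the login name for the '?' placeholder
# with RFC 4515 escaping, so that '(' ')' '*' or '\' in a login name cannot change
# the structure of the filter sent to AD. The '?' convention and the split between
# operator-controlled template and untrusted login name are assumptions here.

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

def escape_filter_value(value: str) -> str:
    """Escape a value for inclusion inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_search_filter(template: str, login_name: str) -> str:
    """Replace the single '?' in the configured template with the escaped login name."""
    if template.count("?") != 1:
        raise ValueError("Search Filter template must contain exactly one '?' placeholder")
    if not login_name or "\x00" in login_name:   # reject empty or NUL-bearing names
        raise ValueError("invalid login name")
    return template.replace("?", escape_filter_value(login_name))

def is_balanced(ldap_filter: str) -> bool:
    """Structural check: every unescaped '(' has a matching ')'."""
    depth, i = 0, 0
    while i < len(ldap_filter):
        ch = ldap_filter[i]
        if ch == "\\":           # skip the two hex digits of an escape sequence
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
        i += 1
    return depth == 0

if __name__ == "__main__":
    DEFAULT_TEMPLATE = "(&(objectClass=*)(cn=?))"    # filter suggested in Step D
    for name in ("jdoe", "o'brien", "smith (contractor)"):   # constructed sample names
        expanded = build_search_filter(DEFAULT_TEMPLATE, name)
        print(expanded, "balanced" if is_balanced(expanded) else "UNBALANCED")
```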

Step 2: On-the-fly User creation from LDAP User Store

    miniOrange supports on-the-fly user creation in miniOrange from an external LDAP directory. This simplifies the sign-on process from an external directory without the need to set up a scheduled sync from that directory. After users have been created on the fly, it is possible to set up Two Factor Authentication and Fraud Prevention policies for them in order to enhance security.

    Pre-requisite: Custom branded URL needs to be set.

    The following steps allow you to set up On-the-fly User Creation from an LDAP User Store. They require an LDAP User Store to be set up in miniOrange. To set up an LDAP User Store in miniOrange, you can follow the guide in the link.

    1. Navigate to the miniOrange Admin Console through the branded login URL.
    2. Head over to the User Stores section on the left navbar.
    3. Click on Edit for the LDAP Directory with which the On-the-fly user creation needs to be enabled.
    4. You need to ensure that the following attributes are set.
      • Username attribute: This would be the LDAP Attribute mapped to the username in miniOrange.
      • Email attribute: This would be the LDAP Attribute mapped to the email address in miniOrange.
    5. Enable the Sync users in miniOrange option. (Screenshot: User Store LDAP Settings)
    6. Click on Save.
    At this point, users will be created in miniOrange when a connected application is accessed or if a directory user tries to access the miniOrange dashboard.

Step 3: Setup WordPress as SP for miniOrange Broker Service

    You can use the following steps to set up the connection between your SP (Service Provider) and miniOrange. Here we have used WordPress as the SP.
    1. First navigate to Apps->Manage Apps->Configure Apps. Search for WordPress in the SAML section. Select the WordPress app and click on Add App. (Screenshot: Apps Integration for WordPress as SP)
    2. If you don't find the application that you are looking for, you can also use Custom App. (Screenshot: Custom app settings for WordPress as SP)
    3. Now navigate to WordPress->miniOrange SAML 2.0 SSO->Identity Provider tab. Copy SP-EntityID / Issuer and the ACS (AssertionConsumerService) URL and paste them against SP Entity ID or Issuer and ACS URL in miniOrange. Select Name ID as Email Address. (Screenshot: WordPress as SP, Identity Provider settings)
    4. Click on Save. After this it will show the list of configured apps. Now click on the Metadata option of the respective app. It will show a popup listing the URLs. Note down IdP Entity ID or Issuer, Broker Service Login URL and X.509 Certificate; these values are required for adding the IDP on WordPress.
    5. Go to WordPress->miniOrange SAML 2.0 SSO->Service Provider tab and add the following data:
          IdP Entity ID or Issuer   IdP Entity ID or Issuer from the miniOrange App Metadata link
          SAML Login URL            Broker Service Login URL from the miniOrange App Metadata link
          X.509 Certificate         X.509 Certificate from the miniOrange App Metadata link
       (Screenshot: WordPress as SP, final settings)
    6. Click on Save. To check whether the configuration is working, click Test Configuration.