MiniOrange SAML Integration
Learn how to configure a connection to MiniOrange via SAML.
Each SSO Identity Provider requires specific information to create and configure a new Connection (through Application registered). Often, the information required to create a connection will differ by Identity Provider.
MiniOrange integration with Cripsa using SAML consists of 4 parts.
- 1. Create a project/select (an existing) project by logging into https://cripsa.com
- 2. Create an App in MiniOrange using admin account in https://login.xecurify.com/moas/admin/customer/home.
- 3. Use Issuer/Metadata URL information of the MiniOrange App registered to integrate it with Cripsa.
- 4. Use the Final URI received to call against the User click to start the Authentication process.
Create Project through Cripsa
Login to Cripsa Dashboard by using email account
Once logged in Create project for SAML.
Fill all the details. All the fields are required.
Click on “Create Project”.
Note Down all the above highlighted information which will be used while creation of the App in MiniOrange Admin Console (https://login.xecurify.com/moas/admin/customer/home).
What Cripsa provides
Cripsa provides the ACS URL and the SP Entity ID. It’s readily available in your Project Detail page of Cripsa Dashboard.
The ACS URL is the location an Identity Provider redirects its authentication response to. In MiniOrange’s case, it needs to be set by the Enterprise when configuring your application in their MiniOrange dashboard.
The SP Entity ID is a URI used to identify the issuer of a SAML request, response, or assertion. In this case, the entity ID is used to communicate that Cripsa will be the party performing SAML requests to the Enterprise’s MiniOrange instance.
Specifically, the ACS URL will need to be set as the “ACS URL” and the SP Entity ID will need to be set as the “Entity ID” in the “Service Provider Details” step of the MiniOrange SAML setup.
What you’ll need
In order to integrate you’ll need the metadata XML file from MiniOrange.
Normally, this information will come from your Enterprise customer’s IT Management team when they set up your application’s SAML 2.0 configuration in their MiniOrange admin dashboard. But should that not be the case during your setup, here’s how to obtain it.
1. Log in
Log in to the MiniOrange dashboard, select “Apps” from the menu, and then select “Add Application”. If your application is already created, select it from the list of applications and move to Step 6. If you haven’t created a SAML application, select “Add Application” and then provide the details.
Now in the search field write “custom” and then select Custom SAML App.
2. Enter Your App’s Information
Give the custom Application name
For SP Entity ID or Issuer, enter “SP_EntityId” from Create Project of Cripsa.
For ACS URL, enter “ACS” detail from create project of Cripsa.
For Audience URL(Optional), enter “ACS” detail from Create Project of Cripsa.
Click on SAVE.
3. Adding Attributes
In the NameID Format select “urn:oasis:names:tc:SAML:2.0:nameid-format:persistent” as shown above.
Select Primary Identity provider as MINIORANGE.
Go to Parameter and click on “+ Attributes” button in the right panel
Add http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress and E-Mail Address then click on SAVE.
4. Obtain Identity Provider Details
Select SSO left pane menu and note down Issuer URI which needs to be passed as Metadata URI in the Register App menu in Cripsa portal.
5. Validating User Access
In the Users sidebar menu one can see users’ information who has the access to this app.
6. Upload Metadata File by Register MiniOrange App with Cripsa
From Step 4 use the Issuer URI to register the app with Cripsa.
Now go back to https://cripsa.com/saml-register-app ->Select your project you have just created.
Here Three Fields are Mandatory to fill:
- Register Type
- Provider Name (name must be unique with no special character and all in small letter)
- Metadata URL or File Upload
In the Register Type there are four options, and one has to select anyone of them as per your requirement. For more information on these options please see FAQ.
7. User Login Testing
Using code URI to get code after successful login to Okta.
Using token URI to get accessToken after successful login to Okta.
Frequently asked questions
1. How many Registration Options available in Cripsa for SAML and what is the difference between them?
In the Register Type there are four options:
- Registration of SAML Only
- Registration of SAML in Separate Client
- Registration of SAML with Other Already registered Auth Type Apps/Method with MFA
- Registration of SAML with Other Already registered Auth Type Apps/Method without MFA
Only the Login screen would be Different for each Registration Type.
Here in the above diagram one can see MFA is available along with SAML authentication.
Here in the above diagram one can see MFA is available along with SAML and AUTH 2.0 authentication.