Learn how to configure a connection to miniOrange via SAML.
Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.
To create a miniOrange SAML Connection, you’ll need an IdP Metadata URL.
Start by logging in to your WorkOS dashboard and browsing to the “Organizations” tab on the left-hand navigation bar.
Select the organization you’d like to configure a miniOrange SAML Connection for, and select “Manually Configure Connection” under “Identity Provider”.
Select “miniOrange SAML” from the Identity Provider dropdown, enter a descriptive name for the connection, and then select the “Create Connection” button.
WorkOS provides the ACS URL, SP Entity ID and SP Metadata URL. They’re readily available in your Connection Settings in the WorkOS Dashboard. For this configuration, you should only need to use the SP Metadata URL, but other fields are provided should you choose to do a more manual configuration.
Next, provide the IdP Metadata URL. Normally, this information will come from the organization’s IT Management team when they set up your application’s SAML 2.0 configuration in their miniOrange admin dashboard. But, should that not be the case during your setup, the next steps will show you how to obtain it.
Log in to miniOrange, go to the admin dashboard and select “Apps” on the left side navigation. If your application is already created, select it from the list of applications and move to Step 2. Otherwise, select “Add Application”.
Under “SAML/WS-FED”, select “Create App”.
Search for “custom” in the search box and select “Custom SAML App”.
Under the “Basic Settings” tab of the SAML app, select “Import SP Metadata”.
Give the SAML app a descriptive name under “App Name”. Under “SP Metadata”, select “URL” and input the SP Metadata URL from your SSO Connection settings in the WorkOS Dashboard. Then, hit “Import”.
Make sure that you have the “Sign Assertion” field toggled on.
Select “Next”.
Under the “Attribute Mapping” section of the SAML app, select “Add Attribute”.
Map the following four attributes as shown below, and then select “Save”.
id → Username
email → E-Mail Address
firstName → First Name
lastName → Last Name
With identity provider role assignment, users can receive roles within your application based on their group memberships. To return this information in the attribute statement, follow the guidance below.
On your SAML app’s Settings page, scroll down to “Attributes” and add a new attribute. Set the attribute’s name to groups and map it to the “User Groups” field. Click “Save”.
Finish role assignment set-up by navigating to the Connection page in the Organization section of the WorkOS Dashboard. Create connection groups referencing the group IdP ID. Then, assign roles to connection groups so users in those groups will automatically be granted roles within your application.
Back on the “Apps” tab of the miniOrange Dashboard, click “Select” next to the app you’ve created. From the dropdown, select “Metadata”.
Under the “Information required to set miniOrange as IdP” section, click the icon next to “Metadata URL” to copy it to your clipboard.
In the Connection settings in the WorkOS Dashboard, click “Edit Metadata Configuration”.
Paste the Metadata URL from miniOrange into the “Metadata URL” field and select “Save Metadata Configuration”.
Your Connection will then be linked and good to go!
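To confirm the settings above took effect, the following added example (not part of the WorkOS or miniOrange documentation) checks a base64-decoded SAML response from a test login for a signed assertion, the four mapped attributes, and optionally groups. The sample response, the helper names and the user values are constructed for illustration, and the signature contents are elided.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED = ("id", "email", "firstName", "lastName")  # names from the mapping step

def _attr(name, value):
    return (f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
            f'</saml:AttributeValue></saml:Attribute>')

# Constructed sample (not from a real tenant); signature contents are elided.
SAMPLE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion ID="_a1">'
    '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
    '</ds:Signature><saml:AttributeStatement>'
    + _attr("id", "jdoe") + _attr("email", "jdoe@example.com")
    + _attr("firstName", "Jane") + _attr("lastName", "Doe")
    + _attr("groups", "Engineering")
    + '</saml:AttributeStatement></saml:Assertion></samlp:Response>')

def check_response(xml_text, expect_groups=False):
    """Return a list of configuration problems in a decoded SAML response."""
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    assertion, problems = assertions[0], []
    # "Sign Assertion" on: a Signature child whose Reference targets this ID.
    ref = assertion.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None:
        problems.append("assertion is not signed")
    elif ref.get("URI") != "#" + assertion.get("ID", ""):
        problems.append("signature does not reference the assertion ID")
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        vals = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        values.setdefault(attr.get("Name"), []).extend(vals)
    for name in REQUIRED + (("groups",) if expect_groups else ()):
        if not any(v.strip() for v in values.get(name, [])):
            problems.append(f"attribute '{name}' missing or empty")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, expect_groups=True) or "configuration looks correct")
```

The check covers presence and shape only; it does not validate the signature cryptographically.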