IDP Global Settings


Overview

This section lists the IDP product global settings and configurations that a customer can customize.

Log in to the miniOrange admin console. Click the Settings icon in the top right corner of the header to view and enable any IDP global settings.

The following settings/configurations apply to both On-premise and Cloud:


  • Account

The following settings are available while configuring a user account.

  • Details:

    When you create an account with us, these 3 keys are generated for your account. They are required for any API calls for user operations, 2FA integration using APIs, etc.

    • Customer Key
    • Customer API Key
    • Customer Token Key

    You can download the Account info from the Download icon beside the Account Details.


  • Languages:

    • Enable Internationalization: Checking this option enables a dropdown that lets the end user choose a language on the Login page and the UserSignUp page. Enabling this option also allows email templates and custom attributes in different languages.
    • Customer Preferred Language: Select the preferred language from the dropdown. miniOrange supports English, German, Spanish, Italian and Portuguese. English is the default language.

  • Users

  • User Onboarding:

    The following settings are available while onboarding a user. You can enable the 'Allow user to register' setting from Customization --> Login and Registration Branding --> Basic settings.

    • Enable User Auto-Registration (A CSV list with passwords for all the uploaded users will be made available to you): If you enable this option and have not provided passwords for the users while uploading them, a password is generated automatically and assigned to each user, and the users are registered. You can get a CSV list of all these users with their generated passwords.
    • Enable Inline Registration for users: If you enable this option and a user is not present in miniOrange, the user is asked to register when trying to Single Sign-On into any application. The user is then registered in miniOrange.
    • Enable sending Welcome Emails after user registration: When this option is enabled, all users receive a welcome email from miniOrange at their registered email IDs after successful registration.
    • Enable sending activation email with password reset link after user registration: When this option is enabled, an activation email with a link to reset the password is sent to every newly registered user. The user account is activated only after the user completes the process at the received link.
    • Verify User via OTP on email after registration: Enable this option to add a verification step before registration completes, verifying the user via a valid email ID.
    • Verify User via OTP on phone after registration: Enable this option to add a verification step before registration completes, verifying the user via a valid phone number.
    • Enforce users to set up their 2FA Method on First Login: When this option is enabled, the user is prompted for his configured 2FA method on the first login attempt.
    • Skip Alternate Login Method (KBA) Configuration during Inline Registration: This option controls whether the KBA questions are asked during inline registration. Enable it if you want to skip them.
    • Redirect user to SSO app after registration: By default, after signup a user sees a page with a thanks-for-registration message and a link to the login page. With this option enabled, a user who first initiated an SSO request from his application and then clicked the create account link because he had no account is redirected to his app after successful registration and logged in as the newly created user.
    • Provision User to Third-Party App before registration: In some cases a customer has a CRM, AD or other user data store where all users are created first or must always be maintained. In that case, enable this option to first create the user in your existing data store and then create the user in the IDP using the unique identifier/username generated by the CRM.

  • Login & Logout:

    The following options are available in the User Login & Logout preferences section.

    • Prevent Concurrent Logins: When this option is enabled, a user can be logged in to the application or IdP from only one device at a time. Multiple logins from different devices are not allowed.
    • Force Users to change the password on first login: When this option is enabled, a newly created user is forced to change the password when logging in for the first time.
    • Enable login with phone number: When this option is enabled, a user can log in with a phone number instead of a username. Note: users should have unique phone numbers.
    • Show IDP's Based On User Groups: Checking this option displays all the configured IDPs based on user groups. Users can choose which IDP should authenticate them.
    • Enable shared user login for users: When this option is enabled, you can give one set of credentials to multiple users or a group of users, and they can all log in to the application with it.
    • Enable Single Logout: Checking this option enables Single Logout of all SP apps configured with miniOrange as an IdP and of the apps that are logged in with miniOrange. This works only for SP apps that support IdP-initiated logout.
    • Maximum Login Attempts: The number of unsuccessful login attempts allowed to a user before the user is disabled.
    • Disable User Login Time Period: The disabled user is allowed to attempt login again to the IdP or his configured applications after this time period.
    • Enable Session Time out: The default IDP session timeout is 90 minutes. Enabling this option overrides the default IDP session timeout and enables a custom session timeout for users.

  • User Re-verification:

    Checking this option will force users to re-verify themselves periodically. You can choose when users will get notified about the re-verification and also when the re-verification window will expire, after which their accounts will be disabled automatically.

    • Re-verify users every (months): You can specify the number of months after which re-verification should be invoked.
    • Notify Users of re-verification before (days): You can specify the number of days before which users should be notified about re-verification.
    • Re-verification Period (days): You can specify the number of days after which re-verification should be invoked.

  • Security

  • Reset Password:

    The following settings are available while resetting a password.

    • Allow Password Link with Phone Number: Enabling this option allows the reset password link to be sent to the registered phone and email.
    • Password Reset via OTP to Phone: Enabling this option allows password reset with the registered phone number only. Enable it only when users have unique phone numbers.
    • Password Reset via Active 2FA method: Enabling this option allows password reset with your active 2FA method. Enable it only when users have 2FA configured.
    • Password Reset with Alternate Email: Enabling this option allows password reset with an alternate email.

  • MFA:

    The following options are available under Multi Factor Authentication settings.

    • Security Question Limit: The number of security questions a user has to fill in during registration.
    • No. of Question to Verify: Out of the total number of security questions, the number of questions that should be verified for authorization.
    • Enable End Users to change their Questions: You can enable or disable the permission for users to update or change their security questions.
    • Enable Two Factor (MFA) at the time of login for additional admin accounts: Here you can enable Two Factor (MFA) at the time of login for additional admin accounts.
    • Force Captcha on Login: When this option is enabled, a user who tries to log in must fill in the captcha; only then will he be able to log in.
    • Enable 2FA methods quick test for End Users: When this feature is enabled, a user can run quick tests of his configured 2FA method.
    • OTP Length: The total number of digits in the passcode.
    • OTP Validity (In mins): The time for which the OTP stays valid. After this time period, the current OTP no longer works and you have to request a new OTP.
    • Device Profiles Expiry Time: The time after which your registered device gets unregistered so that you can register new devices.
    • Mobile App Issuer Name: Enter the name of the Mobile App Issuer.

  • Iframe Embedding:

    • Iframe Embedding: You can enable iframe embedding from here. When this option is enabled, your organization can embed miniOrange in an iframe in any of your applications and access miniOrange from there.
    • Frame Ancestors: Frame Ancestors specify which websites are allowed to embed miniOrange in an iframe. You can use a URL, a domain, or a wildcard domain. Example: https://www.example.com *.example.com
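
How a Frame Ancestors value such as the example above decides which embedding pages are accepted, as an added JavaScript sketch that is not miniOrange code. It assumes the setting follows the host-source matching of the CSP `frame-ancestors` directive (simplified here) and that the IdP is served over HTTPS; all function names are hypothetical.

```javascript
// Added illustration, not miniOrange code. Assumes entries use CSP
// frame-ancestors host-source syntax and the IdP itself is served over HTTPS.
function parseSource(entry) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?$/i.exec(entry);
  if (!m) return null; // includes the bare "*" source, reported by the audit below
  return {
    scheme: m[1] ? m[1].toLowerCase() : null,
    wildcard: Boolean(m[2]),
    host: m[3].toLowerCase(),
    port: m[4] || null,
  };
}

function sourceMatches(entry, embedderOrigin) {
  const src = parseSource(entry);
  if (!src) return false;
  const url = new URL(embedderOrigin);
  const scheme = url.protocol.slice(0, -1);
  // A schemeless entry inherits the IdP's scheme; an http entry also covers https.
  const want = src.scheme || 'https';
  if (want !== scheme && !(want === 'http' && scheme === 'https')) return false;
  // "*.example.com" covers subdomains only, never the apex "example.com".
  if (src.wildcard ? !url.hostname.endsWith('.' + src.host) : url.hostname !== src.host) return false;
  if (src.port === '*') return true;
  const defaultPort = scheme === 'https' ? '443' : '80';
  return (url.port || defaultPort) === (src.port || defaultPort);
}

function canEmbed(list, embedderOrigin) {
  return list.trim().split(/\s+/).some((e) => sourceMatches(e, embedderOrigin));
}

// Flags entries that widen the set of sites allowed to frame the IdP.
function auditFrameAncestors(list) {
  const findings = [];
  for (const entry of list.trim().split(/\s+/)) {
    const src = parseSource(entry);
    if (entry === '*') findings.push(`${entry}: any site may frame the IdP`);
    else if (!src) findings.push(`${entry}: not a valid host-source`);
    else if (src.scheme === 'http') findings.push(`${entry}: cleartext embedder allowed`);
    else if (src.wildcard) findings.push(`${entry}: every subdomain of ${src.host} may frame the IdP`);
  }
  return findings;
}

// Constructed input: the example value from the setting's description.
const configured = 'https://www.example.com *.example.com';
console.log(canEmbed(configured, 'https://example.com'), auditFrameAncestors(configured));
```

With the page's example value, the apex `https://example.com` is not an allowed embedder; it needs its own entry if applications are hosted there.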

The following settings/configurations are only for On-premise:


  • Account

  • Details:

    • Server Details: You can change the domain URL where the On-Premise version of the IdP is hosted, as shown in the screenshot above.
    • miniOrange cloud user account details: This is required to use the SMS or Email service from miniOrange instead of configuring a custom SMS or SMTP provider.
    • Logging: You can set the logging level of the product as shown in the screenshot below. Default logging level is ALL. You can choose from the following options and change the logging level to any of them:
      • ALL
      • TRACE
      • DEBUG
      • INFO
      • WARN
      • ERROR
      • FATAL
      • OFF

      It is recommended to change it to ERROR for production environments for best performance. Once you save the logging level, there is no need to restart the server for the change to take effect, but you should not perform this operation very frequently.

      Note: 1. This option is available only for Main Admin and Super Admin accounts.
      2. Any changes you make here are not persisted across server restarts. You will need to edit 'WEB-INF/classes/log4j.properties' to change levels permanently.


  • Users

  • Login & Logout:

    • Enable Integrated Windows Authentication (IWA): This option allows you to log in with your Windows credentials, without having to enter a username and password.

The following setting is accessible only to the Super Admin:


  • Users

  • User Onboarding:

    • Enable sending activation emails to customer with Passwords: The Super Admin can enable or disable activation emails sent to customers that contain passwords.