Search Results :

×
Sign Up Contact Us

Contents

Step by Step Guide for Single Sign On into ExpressionEngine

miniOrange provides a ready to use solution for ExpressionEngine and secure access with one set of login credentials. With the SAML Single Sign On SSO addon, ExpressionEngine can act as a SAML Service Provider and connect with SAML 2.0 compliant Identity Providers for secure admin login. SAML SP supports popular IdPs like ADFS, Azure AD, Okta, Salesforce, Shibboleth, SimpleSAMLphp, miniOrange IdP, OpenAM, Centrify, Ping, RSA, IBM, Google Apps, Oracle, OneLogin, Bitium, WSO2, and NetIQ. The module also supports OAuth protocol for SSO.

download plugin button Download Plugin plugin pricing button plugin pricing button Pricing Plans free trial plugin free trial plugin Free Trial
  • You can install and download the miniOrange SAML 2.0 SSO SP plugin in ExpressionEngine from EE Marketplace.
  • Copy and paste the miniorange_saml_sso folder inside /system/user/addons/.
  • Go to admin panel of your website https://example.com/admin.php.
  • Click on Developer > Addons.
  • Scroll down and click on Install beside the addon named Miniorange SAML SSO.
    • expressionengine download and install
  • Click on the cog wheel icon besides the miniorange saml sso module.
    • expressionengine addon settings
  • Login / Register with your miniOrange credentials. This is a one-time setup to help support coordination if required.
    • expressionengine login register

Follow these quick and simple steps to set up ExpressionEngine SSO using SAML.

  • After login/register, you will see the following sections:
    • SP Settings
    • IDP Configuration
    • Submit Query
    expressionengine sp settings
  • In case you are stuck, feel free to submit a query from the module interface.
    • expressionengine submit query
  • Go to your IdP and collect the following details:
    1. IdP Entity ID
    2. SAML Login URL
    3. Logout URL
    4. SAML X.509 Certificate
  • Provide required settings such as Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, and X.509 Certificate from your IdP, then save.
    • IdP Entity ID or Issuer https://login.xecurify.com/moas
    SAML Login URL https://login.xecurify.com/moas/idp/samlsso
    X.509 Certificate X.509 certificate is enclosed in X509Certificate tag in IdP-Metadata XML file (parent tag: KeyDescriptor use="signing").
    SAML Logout URL https://login.xecurify.com/moas/idp/samllogout
  • After filling these fields, click on Save Settings to save details.
  • Click on Test Configuration and user details will be fetched.
    • expressionengine idp configuration
  • A successful test result shows attributes received and mapped by attribute mapping.
    • expressionengine test configuration
  • Go to \system\ee\EllisLab\ExpressionEngine\View\account\login.php
  • In login.php, paste the following code before <?=form_close()?>
<fieldset data-data-style="text-align:center>
<br><br>
<button class="btn btn-primary" >
<a data-data-style="color: white" href="https://example.com/index.php?ACT=101" >Sign-in with miniOrange</a>
</button>
</fieldset>
  • Save the login.php file.
  • Go to your admin panel and verify the SSO button is visible.
  • You can now perform Single Sign-On during login using this button.
    • expressionengine sso button

ExpressionEngine SSO lets your users log in once using a single username and password and access your ExpressionEngine site without logging in again. It removes the need to remember multiple passwords and makes the login experience much easier for users.

When a user clicks the login button, they are taken to a trusted login system called an identity provider. Once they have entered their details there, they are automatically logged into ExpressionEngine without needing to enter their credentials again. This process is secure and happens in the background using SAML.

ExpressionEngine Single Sign-On works with popular identity providers like Azure AD/Entra ID, Okta, and Google Workspace. It also supports any provider that follows standard login methods like SAML, so you can use the system you already have.

Yes, you can enable Single Logout (SLO). This means when a user logs out of ExpressionEngine, their session is properly closed, helping keep accounts secure and preventing unauthorized access.



 Thank you for your response. We will get back to you soon.

Something went wrong. Please submit your query again

We'll Reach Out to You at the Earliest!


ADFS_sso ×
Hello there!

Need Help? We are right here!

support