Craft CMS Single Sign-On (SSO)

Single Sign-On for Craft CMS

Craft CMS Single Sign-On application by miniOrange allows users to SSO into your Craft CMS. Configure SSO with integration protocols such as SAML 2.0, OAuth 2.0, OpenID Connect, JWT, LDAP, API authentication, etc. for different IDPs like Okta, ADFS, Azure AD, Azure B2C, Onelogin, AWS Cognito, GSuite/Google Apps, etc. or any Custom Identity provider along with MFA features. Our solution ensures easy, secured and seamless login to Craft CMS store using a single set of credentials within minutes.

Key Features

SSO for Existing User Store

Connect any existing Databases like MYSQL, Oracle, PostgreSQL and any existing web-service Application based on JAVA, PHP, NodeJS, Ruby on Rails, .NET, etc and allow all users to perform Single Sign on into your Craft CMS.

Single Logout (SLO)

Federated Authentication feature to sign out the user session from Craft CMS as well as Identity provider with a single action using the Single Logout Endpoint.

Existing User store integrations

Provides real time Single Sign-On(SSO) access for users without having to move users from their existing user stores like Federated Identity Provider, OAuth / OpenID Providers, Active Directory / LDAP, GSuite/Google Apps etc.

Multiple IDPs Supported

Configure SSO support for multiple IDPs and authenticating different types of users with different IDPs.

Risk Based authentication

Enhancing security to your Craft CMS access avoiding Fraud prevention based on IP, Device, Location and Time based rules.

Widget/Shortcode for IDP Login

Configure your login widget according to your store’s theme .Contact us at info@xecurify.com for customizing the widget specifically for you.

Complete Site Protection

Keep your website private and secured by allowing only the users present in your IDP to access the Craft CMS based site. Any external users won’t be able to access any page of your site.

User Sync

New users can be auto-created during Single Sign-On while existing users can log in into their existing Craft CMS profile. Sync user profile attributes such as first name, last name, tags, address, etc. present in your IDP to Craft CMS user profile fields.

Mobile Application Support

Allow existing users to SSO into Craft CMS based site embedded in Mobile Application web-view via JWT token available within Mobile Application or perform SSO via JWT Token provided by your external web-service.

Setup SSO with Multiple IDP's

Cognito

Okta

OneLogin

Azure AD

ADFS

PingFederate

GSuite

Auth0

Salesforce

Facebook

Apple

Keycloak

Azure B2C

AWS User Store

Google

PingOne

WSO2

Zendesk

Twitter

LinkedIn

Discord

WordPress

Identity Server 4

Benefits

Easy to Configure

Login to your Craft CMS using SAML 2.0,OAuth,OpenID compliant Identity Providers with easy configuration.

More Secure

Add more security to your existing login with added layers of Multifactor Authentication like 2FA and OTP login.

Redirect URL

Adding Redirect URL for switching users to specific page of Craft CMS after SSO or leaving blank for bringing them back to the page where SSO is initiated.

24/7 Active Support

We provide world-class support and customers vouch for our support.

Mobile Support

All types of phones are supported by Smart Phones (iPhone, Android, BlackBerry), Basic Phones, Landlines, etc.

Real Time Control

Alert or terminate the user session if the user performs any forbidden action.

Quick Setup and Strong Authentication

Only a few steps are required to enable session management security on Craft CMS with ease of time.

On-premise Support

On-premise solution is available for utmost security

Boost Productivity

Allow employees to quickly access your admin dashboard of Craft CMS with a single click, without having to manage, remember, & reset multiple passwords.

Branding / Customization

Get customization on our products which are platform independent and easily accessed by an end user.

Reduce Complexity

Use a centralized system to store all of your customers and reduce efforts to manage many application accounts, nullify human errors and complexity.

Step-by-Step Guide for configuring SSO into Craft CMS

Step 1: Install and setup App

Login to your Craft CMS platform, and navigate to the Plugin Store section.

Craft cms sso using any idp - Plugin store section

Search for SSO and select single sign on application.

Craft cms sso using any idp - search for sso

Click on install button as shown on the below screen to install the application.

Craft cms sso using any idp - install application

Now navigate to the single-sign-on application tab and click on Add New IDP button. Choose the type of protocol your IDP support (SAML or Oauth).

Craft cms sso using any idp - choose type of application

SAML
Oauth

Get the SP metadata by navigating to the Meta Data tab. It will be used to configure Craft CMS as SP in your IDP.

Craft cms sso using any idp - sso configuration

Navigate to the IDP settings and fill the blank field by referring the below table:

App Provider	Add appropriate IDP name
SAML Issuer (Entity ID)	Get Entity ID from your IDP
SAML Login URL	Get SAML Login URL from your IDP
SAML Logout URL	Get SAML Logout URL from your IDP
SAML X509 certification	X509 certificate from your IDP

Click on Save.
Go to Single Sign On - SSO Application from Admin Dashboard.
Navigate to the Attribute Mapping Section.

Craft cms sso using any idp - attribute mapping

Enter the attributes values or 'keys' like email, given_name, family_name, etc from your Identity provider to map them into your Craft CMS’s customer profile.
Save your configurations.
Click on the Test configurations button present at the bottom of the screen.
After entering the correct credentials of the user present in your IDP, you will get a successful test connection screen.

Craft cms sso using any idp - test successful window

You can get the Callback URL (Redirect URL) from here. It will be used to configure Craft CMS as SP in your IDP.
Fill the blank field by referring the below table:

App Provider	Add appropriate IDP name
Client ID	Get client id from your IDP
Client Sercet	Get client secret from your IDP
Scope	email + profile
Authorize URL	From IDP
OAuth Token API	From IDP
User Info API	From IDP
Callback URl	It will be used to configure Craft CMS in your IDP

Click on Save.
Go to Single Sign On - SSO Application from Admin Dashboard.
Navigate to the Attribute Mapping Section.

Enter the attributes values or 'keys' like email, given_name, family_name, etc from your Identity provider to map them into your Craft CMS’s customer profile.
Save your configurations.
Click on the Test configurations button present at the bottom of the screen.
After entering the correct credentials of the user present in your IDP, you will get a successful test connection screen.

Step 2: Testing IDP configuration

Go to you Craft CMS login page.
Click on login button.
You’ll be redirected to login page of IDP you configured earlier. Enter your account credentials
You’ll be successfully login to your Craft CMS platform.

Need Guidance?

Mail us at oauthsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement and your selected OAuth / OpenID provider. We can also help you to select a suitable plan as per your requirement.