Organizations running applications on the .NET platform often cater to multiple user groups such as employees, customers, vendors, partners, and external stakeholders. These users may belong to different organizations and authenticate using different Identity Providers (IDPs) like Microsoft Azure Active Directory, Okta, ADFS, PingFederate, or Google Workspace.

While modern .NET frameworks support multiple authentication schemes, they lack centralized multi-IDP orchestration, making implementations complex and difficult to scale.

miniOrange solves this by acting as a centralized multi-IDP layer, enabling .NET applications to integrate with multiple IDPs (SAML 2.0, OpenID Connect, OAuth 2.0) through a single, unified authentication layer.

The organization:

  • Runs one or more .NET / ASP.NET / ASP.NET Core applications.
  • Supports multiple internal and external user groups.
  • Requires authentication via different IDPs based on user type or organization.
  • Wants to avoid building and maintaining custom authentication logic for each IDP.

Business Challenges

  • Fragmented login experience across applications.
  • Difficulty onboarding external users (vendors, partners, customers).
  • Increased support tickets due to multiple login paths.
  • Poor scalability when adding new IDPs or organizations.
  • Inconsistent user access experience.

Technical Challenges

  • Lack of dynamic IDP discovery and routing.
  • Manual configuration of multiple integrations (SAML or OAuth).
  • Difficulty enforcing consistent authentication and authorization policies.
  • Complex user provisioning and role mapping.
  • Increased maintenance overhead due to custom implementations.

miniOrange enables multi-IDP support for .NET applications by acting as a centralized multi-IDP layer between the application and multiple IDPs, abstracting complexity and centralizing authentication.

1. Centralized Multi-IDP Management

  • Configure multiple IDPs from a single interface.
  • Add or modify IDPs without changing application code.
  • Manage metadata, certificates, endpoints, and configurations centrally.

2. Consistent Access Control

  • Centralized role mapping using claims transformation.
  • Uniform enforcement of security policies (MFA, session control, etc.).
  • Standardized authorization across all IDPs.

3. Scalable Identity Architecture

  • Quickly onboard new partners, vendors, or subsidiaries.
  • No custom development required for each new IDP.
  • Designed for enterprise-scale and distributed environments.

Meet Sarah, an internal employee using a .NET-based enterprise portal. Along with her, multiple user groups access the same application using different IDPs:

  • Employees → Azure AD
  • Vendors → Okta
  • Partners → Google Workspace

1. Employee Login (Azure AD)

Sarah visits the application and selects “Login with Azure AD.”

Authentication Flow:

  1. The application redirects Sarah to miniOrange.
  2. miniOrange routes her to Azure AD.
  3. She logs in and completes MFA.
  4. Azure AD sends a response back to miniOrange.
  5. miniOrange validates and forwards it to the application.
  6. Roles like Employee or HR_Access are assigned via claims.

Outcome:

Sarah accesses employee-specific dashboards and internal resources.

2. Vendor Login (Okta)

John, an external vendor, accesses the same application.

Authentication Flow:

  1. Selects “Login with Okta”.
  2. Redirected to miniOrange → then to Okta.
  3. Completes authentication.
  4. Okta returns response to miniOrange.
  5. miniOrange validates and logs him into the application.
  6. Assigned roles such as Vendor_ReadOnly or Supplier_Manager.

Outcome:

John sees only vendor-specific data such as orders and invoices.

3. Partner Login (Google Workspace)

Alicia, a partner user, logs into the same application.

Authentication Flow:

  1. Selects “Login with Google Workspace”.
  2. Redirected via miniOrange to Google.
  3. Authenticates successfully.
  4. Google sends response to miniOrange.
  5. miniOrange validates and logs her into the application.
  6. Assigned partner-specific roles.

Outcome:

Alicia accesses partner content like shared documents and project updates.
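
One way the application side can apply role mapping for the three flows above, as an added example that is not miniOrange's code or part of the original page: the issuer URLs, the `groups` claim name and the group values are constructed assumptions, and only the role names come from the text. Roles are derived from the (issuer, group) pair, so a role reserved for one IDP's users cannot be granted on the word of another IDP.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class IssuerScopedRoleMapper
{
    // Hypothetical policy: application roles each trusted issuer may grant,
    // keyed by (issuer, upstream group). All keys are constructed sample values.
    private static readonly Dictionary<(string Issuer, string Group), string> RoleMap = new()
    {
        [("https://azuread.example/tenant", "all-staff")] = "Employee",
        [("https://azuread.example/tenant", "hr-staff")] = "HR_Access",
        [("https://okta.example/vendors", "suppliers")] = "Vendor_ReadOnly",
        [("https://okta.example/vendors", "supplier-admins")] = "Supplier_Manager",
    };

    public static ClaimsPrincipal Transform(ClaimsPrincipal incoming)
    {
        var identity = new ClaimsIdentity("Brokered", ClaimTypes.NameIdentifier, ClaimTypes.Role);
        foreach (var group in incoming.FindAll("groups"))
        {
            // Claim.Issuer records which IDP asserted the claim; a group value
            // only maps to a role when it arrives from the issuer allowed to grant it.
            if (RoleMap.TryGetValue((group.Issuer, group.Value), out var role))
                identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, group.Issuer));
        }
        // Upstream role claims are never copied: roles come only from RoleMap.
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        const string okta = "https://okta.example/vendors";
        // Constructed vendor login that also carries claims it is not entitled to.
        var vendor = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("groups", "suppliers", ClaimValueTypes.String, okta),
            new Claim("groups", "hr-staff", ClaimValueTypes.String, okta),         // employee-only group
            new Claim(ClaimTypes.Role, "HR_Access", ClaimValueTypes.String, okta), // upstream role claim
        }, "Federated"));

        var result = Transform(vendor);
        Console.WriteLine(string.Join(",", result.FindAll(ClaimTypes.Role).Select(c => c.Value)));
        Console.WriteLine(result.IsInRole("HR_Access"));
    }
}
```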

After implementing Multi-IDP support in .NET applications, organizations achieve:

  • Unified and simplified login experience across all user groups.
  • Reduced login confusion and support overhead.
  • Faster onboarding of new identity providers and partners.
  • Centralized role and policy enforcement using claims-based access.
  • Improved security with consistent authentication controls.
  • A scalable, future-ready identity architecture.