The moment you decide to bring your business online by launching a Drupal site, the biggest concern is avoiding cyberattacks and keeping your visitors' data safe. Single Sign-On (SSO) comes to the rescue here: it lets you rely on the security offered by popular Identity Providers (IdPs) such as Okta, Azure AD, ADFS, and Google.
The SAML SP 2.0 Single Sign-On (SSO) - SAML Service Provider module (a.k.a. the Drupal SSO module) can be integrated within 5 minutes with any SAML 2.0 compliant Identity Provider (IdP). The SAML SSO module has enterprise-level features such as user attribute mapping, role mapping, attribute- and domain-based restriction, and sign-in settings like forced SSO login, to meet the requirements of your organization.
Advantages of Drupal SSO:
- Greater security and compliance: Once you enable SSO, you get the security features and compliance measures implemented by your Identity Provider.
- One central control point: Your IT team can view, manage, and secure all your users' access from a single point, whether they are internal employees or external partners.
- Easy to adapt to new technologies: Identity Providers generally keep updating their technologies to meet market requirements, so you need not worry about new changes in technology.
- Easy to scale: If your business expands to a new website or platform (mobile or desktop), you can just connect its login to the same IdP.
Common terms of SSO
Identity Provider (IdP): The system entity which authenticates the user and sends the authentication response to the other party (called the Service Provider). Example: If you are connecting your Drupal website with Azure, then Azure is the Identity Provider, and it is responsible for authenticating users.
Service Provider (SP): The Service Provider accepts the authentication response sent by the Identity Provider and logs the user in. Example: If you are connecting your Drupal website with Azure, then Drupal is the Service Provider.
Five easy and simple steps to implement Drupal SSO
Install the SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module:
- Download the miniOrange Drupal SAML SP module from here.
- Log in to your Drupal instance using your admin account.
- Go to Extend and click on Install new module.
- Upload the downloaded module as a .zip file. Then click on Install.
- After successful installation, click on Enable newly added modules and enable the module. Then click the Save configuration button.
Copy metadata from the service provider metadata tab of the module:
- In the miniOrange SAML 2.0 SSO module, navigate to the Service Provider Metadata tab. Here you can find the SP metadata, such as the SP Entity ID and the ACS (AssertionConsumerService) URL, which are required to configure the Identity Provider.
Configure your IdP using the metadata copied in step 2:
You can configure your Identity Provider by using the metadata copied in the last step. You can also find the metadata URL in the Service Provider Metadata tab of the miniOrange SAML SP SSO module (from the same tab you can also download the metadata file if needed).
Obtain metadata from IdP and configure the module in the service provider setup tab:
Your IdP team will provide one of the following: the IdP metadata URL, the IdP metadata file, or the Entity ID, SAML login URL and X.509 certificate of the IdP.
A. In case you have IdP metadata URL:
- Click on Upload IDP Metadata.
- Enter metadata URL and click on Fetch Metadata button.
B. In case you have IdP metadata file:
- Click on Upload IDP Metadata.
- Upload IdP metadata file and click on Upload File button.
C. In case you have EntityId and SAML login URL:
- Provide the required settings (i.e. Identity Provider Name, IdP Entity ID, SAML Login URL, X.509 Certificate).
- Scroll down to the bottom of the page and click on the save settings button.
Test the SSO connection and enable SAML SSO login:
- In the Service Provider Setup tab, scroll down to the bottom of the page and click on the Test Configuration button to test the SSO connection.
- After a successful test connection, enable the checkbox named 'Enable login with SAML'.
- Try to access the login page of your site. You will find a link to perform SSO below the username and password login section.
If you don't find what you are looking for, please contact us at email@example.com or call us at +1 978 658 9387.