Joomla
Single Sign-On

You can enable SAML based Single Sign-On (SSO) in Joomla by installing a SAML Service Provider extension and configuring your Identity Provider such as Azure AD, Okta, or ADFS. After setting up the integration, you need to map user attributes and roles correctly. Once configured, users can authenticate through the Identity Provider and will be automatically logged into Joomla without needing a separate username or password.

Configuring SAML SSO in Joomla involves exchanging metadata between your Joomla site and the Identity Provider. You must set the correct Assertion Consumer Service (ACS) URL, configure the NameID format, and define attribute mappings. After completing the setup, it is important to test the authentication flow. Most enterprise Identity Providers provide detailed step by step documentation to help complete the configuration.

Joomla SAML SSO works with any SAML 2.0 compliant Identity Provider. This includes popular services such as Azure AD, Okta, Keycloak, Google Workspace, ADFS, and Ping Identity. Because of this wide compatibility, Joomla SSO can be easily integrated into enterprise environments as well as educational and government systems.

Implementing SAML SSO in Joomla centralizes user authentication and eliminates the need for managing separate Joomla passwords. It improves security by relying on trusted Identity Providers, simplifies user management, and helps organizations meet compliance requirements. This makes it ideal for enterprises managing employees, partners, or large user bases.

Yes, SAML SSO is widely used in enterprise Joomla deployments because it supports centralized identity management and integrates with corporate directories such as Active Directory and LDAP. It also enables advanced security features like Multi-Factor Authentication (MFA), conditional access policies, and role based access control.

miniOrange does not transfer any data outside your system or store Personal Identifiable Information externally. All Joomla extensions operate on premise, meaning user data remains within your server environment. For the Joomla MFA extension, only the user’s email address is required. In case of risk based authentication, information such as device type, IP address, location, and login time may be used to evaluate risk and control access.

Yes, Joomla can be integrated with your corporate Identity Provider using SAML SSO. This allows employees or users to log in using their existing organizational credentials without creating or managing separate Joomla accounts. It streamlines access and improves security across systems.

SAML is typically used for enterprise Single Sign-On scenarios where authentication is handled entirely by an external Identity Provider. OAuth, on the other hand, is commonly used for social logins and API authorization. The choice between SAML and OAuth depends on whether your use case involves workforce identity management or external user access.