Joomla
Single Sign-On

You can enable SAML based SSO in Joomla by installing a SAML Service Provider extension, configuring your Identity Provider such as Azure AD, Okta, or ADFS, and mapping user attributes and roles. Once configured, users authenticate with the IdP and are automatically logged into Joomla without a separate password.

SAML SSO configuration typically involves exchanging metadata between Joomla and your Identity Provider, setting the correct Assertion Consumer Service URL, configuring NameID and attributes, and testing authentication. Most enterprise IdPs provide step by step SAML configuration guides for Joomla.

Joomla SAML SSO works with SAML 2.0 compliant Identity Providers such as Azure AD, Okta, Keycloak, Google Workspace, ADFS, Ping Identity, and more. This makes it suitable for corporate and institutional environments.

SAML SSO centralizes authentication, improves security by removing local passwords, simplifies user management, and ensures compliance with enterprise security policies. It is ideal for organizations managing internal users, partners, or large member bases.

Yes. SAML is widely used in enterprise environments because it supports centralized identity management, MFA enforcement, conditional access policies, and directory integration with Active Directory or LDAP.

miniOrange does not transfer any data out of your systems or store any Personal Identifiable Information (PII). All the extensions are completely on premise. All the data remains within your premises/server. Only for the Joomla MFA extension - We need to store the user's email address. For Risk Based Authentication, information such as device type, location, IP address, and time are necessary to identify the user and give access based on the risk.

Yes, with SAML SSO Joomla can be directly integrated with your corporate IdP, allowing employees to access Joomla using their existing organization credentials without creating separate Joomla accounts.

SAML is best suited for enterprise and workforce SSO where Joomla relies entirely on an external IdP for authentication. OAuth is more commonly used for social login and API access. Choosing the right protocol depends on your use case.