mimecast SAML Single Sign-On (SSO) Integration with Drupal as IdP

Overview

This guide will help you integrate Drupal as a SAML 2.0 Identity Provider (IdP) and mimecast as a Service Provider (SP) using the miniOrange SAML IDP module. This integration enables centralized user management and permission control, allowing users to access multiple applications with a single set of credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.

Installation Steps

• Using Composer
• Using Drush
• Manual Installation

• Download the module:

  Composer require 'drupal/miniorange_saml_idp'

• Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Identity Provider using the search box.
• Enable the module by checking the checkbox and click on install button.
• Configure the module at

  {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup

• Install the module:

  drush en miniorange_saml_idp

• Clear the cache:

   drush cr

• Configure the module at

  {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup

• Navigate to Extend menu on your Drupal admin console and click on Install new module button.
• Install the Drupal SAML IDP 2.0 Single Sign On (SSO) - SAML Identity Provider module either by downloading the zip or from the URL of the package (tar/zip).
• Click on Enable newly added modules.
• Enable this module by checking the checkbox and click on install button.
• Configure the module at

  {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup

Configuration Steps

Drupal SAML IdP Metadata:

• After installing the module on your Drupal site, in the Administration menu → navigate to Configuration → People → miniOrange SAML IDP Configuration. (/admin/config/people/miniorange_saml_idp/idp_setup)

• Under the IDP Metadata tab, copy the Metadata URL. Keep it handy. (This information is required to configure mimecast as SAML SP.)

Configure mimecast as Service Provider:

• Login into your mimecast Administrator Console.
• Navigate to Administration -> Services -> Applications.
• Click on the Authentication Profiles.

• You can select either or existing Authentication Profiles to update, or click on to create New Authentication Profile. These are following steps below:
• Description: Enter description for the New Profile.
• Enforce SAML Authentication for Administration Console: Select the Enforce SAML Authentication for Administration Console. The screen expanded to the reveal SAML Settings.
• Metadata URL: Paste the metadata URL which is copied from Drupal.
• Optionally define which Authentication Context to use. By default both password protected and integrated contexts are used.
• Choose to Allow Single Sign On. This setting enables / disables Identity Provider Initiated Sign On.

• Still in Administration Console, navigate to the Administration -> Services -> Applications menu. Then follow the steps below:
• Select the Application Settings Administrator that you want to use.
• Use the Lookup button to find the Authentication Profile you want to reference and click the Select link on the lookup page.
• Click Save and Exit.

Configure Drupal as SAML Identity Provider:

• Navigate to the Drupal site and switch to the Service Provider Setup tab of the miniOrange SAML IDP module and click on the Upload SP metadata to expand it.

• Upload the metadata file downloaded from the mimecast.

• Once the configuration is successfully saved you will get a success message. Now, click on the Test link.

You have successfully set up mimecast as Service Provider and Drupal as Identity Provider.