Magento Single Sign-On SSO


Magento is the all-in-one community platform for creators and brands that brings together engaging discussions, members, live streams, chat, events, and memberships all in one place. The Single Sign-On (SSO) solution by miniOrange provides secure Single Sign-On access to Magento using a single set of login credentials. You can log in to Magento using miniOrange credentials, Azure AD credentials, or any of your existing identity providers. With miniOrange SSO services, you can also log in to other on-premise and cloud applications alongside Magento using your existing identity provider/user store (Azure Active Directory, Okta, Ping) credentials. Follow the setup guide below to integrate SAML SSO for your Magento account.

miniOrange and Magento Single Sign-On (SSO) integration supports the following features:

  • SP Initiated Single Sign-On (SSO)
  • IdP Initiated Single Sign-On (SSO)

Magento as Identity Provider

Magento is mostly used as a Service Provider (SP), but it can also be used as an identity source. It is a Learning Management System, so it holds the credentials of all users who have registered with Magento. Admins / site administrators may now want to let these users log in to another website or application using their Magento credentials. In simple words, Magento users should be able to Single Sign-On into another application using Magento credentials.


Magento as IDP (Identity Provider) Workflow

  • User wants to access a service provided by an application other than Magento.
  • The configured application knows where to authenticate users. It sends the authentication request to miniOrange.
  • miniOrange checks the Magento database for the user credentials to determine whether the user is valid.
  • User credentials are fetched from the database.
  • Depending on the fetched result, miniOrange authenticates the user or denies the request.
  • User gets access to respective Service/Application.

Magento as Service Provider

Magento is a Learning Management System, so users usually log in to the Magento site directly and do their work. In some cases, however, they want to SSO into the Magento site. To perform Single Sign-On (SSO), the Service Provider and the Identity Provider have to adhere to a common protocol such as SAML or OAuth. In SAML, the Service Provider is the site the user wants to access, and the Identity Provider is the site where the user's credentials are held. In this case, we will configure our Magento site as the Service Provider (SP) using the miniOrange plugin and the SAML protocol. miniOrange will be the Identity Provider (IdP).


Magento as SP (Service Provider) Workflow

  • User wants to access a Magento Site.
  • Magento Site sends the authentication request to miniOrange. miniOrange checks the user credentials to determine whether the user is valid.
  • miniOrange authenticates the user.
  • User gets access to the Magento Site.

Connect with External Source of Users


miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, OpenLDAP, AWS etc), Identity Providers (like Microsoft Entra ID, Okta, AWS), and many more. You can configure your existing directory/user store or add users in miniOrange.



Follow the Step-by-Step Guide given below for Magento Single Sign-On (SSO)

1. Download the plugin and Install in Magento

  • Download the plugin from here and install it in Magento.
  • Log in as administrator in Magento.
  • Go to the Magento root directory. Create the new directories MiniOrange/SP inside the app/code directory.
  • Unzip all contents of the zip inside the MiniOrange/SP directory.
  • Run the following command at the command prompt to enable the plugin: php bin/magento setup:upgrade
  • If you see a blank page on the admin menu after the installation, follow the steps below:
    • Take a backup of the global.php file at the path {magento-directory}/generated/metadata/global.php
    • Remove the global.php file.

2. Configure Magento in miniOrange

  • Log in to the miniOrange Admin Console.
  • Go to Apps and click the Add Application button.

  • In Choose Application, select SAML/WS-FED from the application type dropdown.

  • Search for Magento in the list. If you don't find Magento in the list, search for custom and set up your application in Custom SAML App.

  • Enter Custom Application Name as Magento
  • Enter the SP Entity ID or Issuer.
  • Enter the ACS URL.
  • Enter the Single Logout URL.
  • Click on Next to proceed further.

  • In the Attribute Mapping tab configure the following attributes as shown in the image below.

  • Click on Save.
  • To get the miniOrange metadata details needed to configure Magento:

  • Go to Apps >> Applications.
  • Search for your app and click on the icon ' ' in Actions menu against your app.
  • Click on Metadata to get metadata details, which will be required later. Click on Show SSO Link to see the IDP initiated SSO link for Magento.

  • Here you will see 2 options: if you are setting up miniOrange as the IDP, copy the metadata details related to miniOrange; if you need to be authenticated via external IDPs (Okta, Azure AD, ADFS, OneLogin, Google Workspace), you can get the metadata from the 2nd section as shown below.

  • Keep the SAML Login URL and SAML Logout URL, and click the Download Certificate button to download the certificate, which you will require in Step 2.

3. Configure SSO in Magento Admin Account

  • Copy the SAML Entity ID, SAML Single-Sign-On Endpoint URL and X.509 certificate from step 2 and paste them into the IdP Entity ID or Issuer, Single Sign-on Service URL and X.509 Certificate fields, respectively, in the plugin.
  • Click the Save button to save all your settings.

  • To check if your Magento as SP is configured correctly, click the Test Configuration button.
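The three values pasted in step 3 establish which IdP the Magento SP trusts, so it is worth checking them against the metadata file before saving. The following is an added example, not miniOrange's or the plugin's own code: it parses a standard SAML 2.0 IdP metadata document, extracts the entity ID, SSO endpoint and signing certificate fingerprint, and flags a non-HTTPS endpoint or an ambiguous signing key. The sample metadata, host names and certificate bytes are constructed placeholders, and read_idp_metadata is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # stdlib parser; does not fetch external entities

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample: placeholder host names, and dummy bytes standing in for
# the DER certificate (not a real X.509 certificate).
DUMMY_DER = b"constructed placeholder bytes, not a real certificate"
_B64 = base64.b64encode(DUMMY_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_B64[:24]}
        {_B64[24:]}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{BINDINGS}HTTP-Redirect"
        Location="https://idp.example.test/saml/login"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def read_idp_metadata(xml_text):
    """Extract the values Step 3 asks for and list anything that looks wrong."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    problems = []
    sso = {e.get("Binding", ""): e.get("Location", "")
           for e in idp.findall("md:SingleSignOnService", NS)}
    sso_url = sso.get(BINDINGS + "HTTP-Redirect") or sso.get(BINDINGS + "HTTP-POST")
    if not sso_url:
        problems.append("no SingleSignOnService endpoint")
    elif not sso_url.startswith("https://"):
        problems.append("SSO endpoint is not https")
    # A KeyDescriptor without a 'use' attribute serves signing and encryption.
    certs = [k.findtext(".//ds:X509Certificate", default="", namespaces=NS)
             for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")]
    if len(certs) != 1:
        problems.append(f"expected 1 signing certificate, found {len(certs)}")
    # Metadata wraps the base64 across lines; strip whitespace before decoding.
    der = base64.b64decode("".join(certs[0].split())) if certs else b""
    return {"entity_id": root.get("entityID"), "sso_url": sso_url,
            "cert_sha256": hashlib.sha256(der).hexdigest() if der else None,
            "problems": problems}
```

Call read_idp_metadata() on the text of the downloaded metadata file and compare cert_sha256 with the SHA-256 fingerprint of the separately downloaded certificate; an empty problems list means the checks above passed.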
