Qarbon Tech integrated SAML/OAuth SSO for external customers with their custom login page for hassle-free UX and enhanced security

Qarbon Tech integrated SAML/OAuth SSO for external customers with their custom login page for hassle-free UX and enhanced security

miniOrange x Qarbon Tech

The Client:

Qarbon is a platform that securely transfers data between workflow management and data center systems, allowing easy access to data. This improves efficiency, reduces energy costs, tracks inventory, and ensures ESG compliance. They provide a SaaS-based orchestration platform which is a single, OpenAPI interface between data centers and customers.

The Requirement:

The client sought to implement SSO for their external customers, aiming to utilize their existing custom login page across internal applications for authenticating external customers accessing the JSM customer portal. Internally, this custom login page was integrated with Cognito for authentication purposes.

The Solution:

Based on the customer's requirements, we encountered two key challenges:

  • Enforcing SSO on the JSM customer portal: Our marketplace plugin, SAML/OAuth SSO for external customers, was specifically designed and developed to address this requirement. It seamlessly enforced SSO on the JSM customer portal, aligning perfectly with the customer's needs.
  • Integrating the client's custom login page: Our marketplace plugin supports both protocols, SAML and OAuth, allowing customers to be redirected to the IDP login page upon accessing the substitute link provided by the external customer. However, for this particular requirement, where the client's custom login page needed to be showcased instead of the IDP login page, we leveraged miniOrange's in-house broker. This solution enabled smooth integration of the client's custom login page for authentication, effectively meeting the specific demands of the use case.

How the Solution Works

  • The client's custom login page utilizes JWT tokens for authentication with AWS Cognito.
  • miniOrange integrated the client's login service with its in-house broker as a JWT identity source.
  • The broker is then connected with the SAML/OAuth SSO plugin in JSM using the SAML protocol.
  • When an end-user accesses the miniOrange substitute link, a SAML request is triggered and sent to the miniOrange broker.
  • Upon receiving the SAML request, the miniOrange broker sends a JWT authentication request to the client's login page.
  • Once the JWT token is received at the miniOrange broker callback URL, a SAML response is generated and sent to the plugin.
  • This seamless process results in a streamlined login experience for the end user.

Key Benefits of the Solution:

  • Single Sign-On: Utilized a single Login page to login into the JSM customer portal along with other in-house applications of the client.
  • Enhanced Security: The company was able to ensure that only authorized users can access the Jira Service Desk, enhancing security and preventing unauthorized access.
  • Simplified User Management: User authentication is done through Active Directory, making it easier for the company to manage user access and remove access when an employee leaves the organization.
  • Streamlined Processes: The company was able to streamline their ticket creation process and provide a better user experience to their internal customers.
  • Strengthened Data Protection and Privacy: Our solution ensures that confidential information is protected, and data privacy is maintained.

For similar solutions or just to know more about what we can do in the realm of identity and access management, please contact us at info@xecurify.com or call us at +1 978 658 9387. We would be glad to assist you and find the best solution for your needs.