Joomla SAML Single Sign-On (SSO) – SAML SSO Login Authentication | Login to Joomla

To know more about SSO click here

JOOMLA SINGLE SIGN-ON ( SSO ):-

Joomla Single Sign-On (SSO) is an authentication procedure that allows a user to log in to various apps and/or websites using a single set of login credentials (such as username and password). This eliminates the need for the user to log in to each application individually.

Joomla Single Sign-On Service Provider also enables you to manage login and achieve Single Sign On (SSO) with Azure AD, Azure B2C, ADFS, Keycloak, GSuite / Google Apps, Okta, Salesforce, Office 365, Shibboleth2, Shibboleth3, OneLogin, PingFederate, ClassLink, FusionAuth, Absorb LMS or any SAML compliant Identity Provider so that your users can login to Joomla Site by using Identity Provider’s (IDP) users credentials.

The miniOrange Joomla Single Sign on (SAML SSO) Plugin is a SAML 2.0 Service Provider that can be configured to establish trust between the Joomla site and a SAML 2.0 compliant Identity Provider in order to securely authenticate users to Joomla sites. This makes it feasible for your users to log in to the Joomla site in a safe and secure manner.

Joomla SAML Single Sign On ( SSO ) supports all kinds of SSO use cases such as Azure login into Joomla, Azure AD login into Joomla, Azure AD SSO(Azure AD Single Sign-On), Login with Azure AD, Login using Azure AD, Login with Office 365, Office 365 login, Office 365 Single Sign On SSO, Login using Office 365, Login with Azure B2C, Azure B2C login, Login with Azure AD B2C, Azure AD B2C login, ADFS login into Joomla, Login with ADFS, Okta login, OneLogin SSO, Salesforce login, Login using Salesforce, Google Apps login, Google Apps Single Sign On SSO, Login with Google Apps, Login using Google Apps, Login using G Suite, Gsuite login into Joomla, Keycloak login, Keycloak SSO, Auth0 login, Shibboleth login, Login with Shibboleth, Login using Shibboleth, Login with Ping, PingFederate login, PingFederate SSO, ClassLink SSO, FusionAuth SSO, Absorb LMS SSO etc allowing your users to securely login to the Joomla site.

Free Version Features:-

• Login Using IDP Credentials - SAML SP helps login to your Joomla site using SAML 2.0 compliant Identity Providers.

• Automatic User Registration – the user will auto-register after login if the user is not already registered with your site.

• Easy to setup
  You can easily configure our plugin with any IDP by simply uploading the IDP metadata file/URL with a single click.

• Basic Role Mapping– Assign the default role to users on registration and login.

• Export Configuration– Download the plugin configuration file to transfer your plugin configurations when you change your Joomla instance.

• Update SP Entity ID and base URL
• Step by step setup guides/ videos.

License Version Features :-

All the Free version features.

• Unlimited Authentication with multiple Identity Providers.

• Single Logout (SLO) – Support for SAML Single Logout (Make sure your IdP also supports SLO)

• Auto-redirect to IDP – If you want to restrict your site to only logged in users. Selecting this option will redirect the users to your IdP if logged in session is not found.

• Backdoor login for Superuser/administrator – Checking this option creates a backdoor to login to your website using Joomla credentials in case you get locked out of your IDP.

• Disable auto-creation of users if the user does not exist – If you enable this feature new users won't be created, only existing users can log in using SSO.

• Advanced Attribute Mapping - Use this feature to map your IDP attributes to your Joomla site attributes like Username, Email, First Name, Last Name, Group/Role, Display Name.

• Advanced Role Mapping – Use this feature to assign Joomla roles to your users based on the group/role sent by your IDP.

• Force Authentication – Force Authentication allows users to redirect to IDP if the user is not logged in.

• Multiple SAML IDPs Support – We support the configuration of Multiple IDPs in the plugin to authenticate the different groups of users with different IDPs.

• Backend and Frontend Login – If a user is Super User, the user will be logged into both the frontend and backend of the site. No need to sign in again in the admin panel (backend) for

• Super User, once he is logged into the frontend of the site via Single Sign-On.
  Integrated Windows Authentication – Support for Integrated Windows Authentication (With ADFS)

• Binding Type – Select HTTP-POST or HTTP-Redirect binding type to use for sending SAML Requests.

• Generate Custom SP Certificate - You can upload or generate your own certificates.
  Select a Signature algorithm

• Auto-sync IdP Configuration from metadata

• Store Multiple IDP certificates

• Custom admin Login URL

• Anonymous user - Joomla SAML Single Sign On (SSO) also enables Anonymous Connect (Guest User Login) for your Joomla site, allowing your users to login to the Joomla site using their IdP credentials without having to create new users.

• Customize plugin depending upon the requirement
  If you want to see license version features of plugin you can prefer this video demonstration.

JOOMLA SINGLE SIGN-ON ( SSO ) SUPPORTED ADD-ONS

We have various add-ons to extend the functionality of SAML SSO plugin which can be easily integrated with your Joomla site.

• Page Restriction – Page restriction allows you to prevent unauthorized users from accessing certain pages or articles, as well as redirecting users to a specific page after SSO.

• Integrate with Community Builder :- It enables you to link the Community Builder profiles together. So that you can easily map the community builder's attributes with the IDPs attributes.

• SSO Login Audit – You can easily monitor your logged in users at one place.
  Attribute Based Redirection –This add-on allows you to redirect your users to specific pages/articles based on the attributes.

• Role Based Redirection - This add-on allows you to redirect your users to specific pages/articles based on the roles/groups of the users in Joomla site.

• Cross Domain Login between Joomla Sites :- You may share the login across two Joomla websites (cross-domain, same domain, or sub-domain) by simply entering the other Joomla site URL in the plugin configuration settings. By including the HTML button on the current Joomla site, the user will be able to log in to the other Joomla domain. Please ensure that this plugin has been installed and activated on both Joomla sites. In order to access this function, users must be present on both sites.

JOOMLA SINGLE SIGN-ON ( SSO ) USE-CASES:

Azure AD SAML SSO

Azure SSO use cases supported by the Joomla SAML Single Sign On (SSO) plugin include Azure AD SSO (Azure AD Single Sign-On), Azure B2C SSO, Azure B2C login, Login with Azure AD, Login using Azure AD, Office 365 SSO (Office 365 Single Sign On SSO), Login with Office 365, Office 365 Login, Login with Azure B2C, Login with Azure AD B2C login.
You may allow users from several Azure or Office 365 tenants to login to your Joomla site.

You may watch this video to learn how to set up Azure AD SSO with Joomla.

We provide support for SSO with Azure AD Multi-tenants, Azure AD B2B Login as well as Azure AD B2C login.

The Joomla SAML Single Sign On SSO plugin enables users from any Azure AD tenancy to login to the Joomla site.

Google Apps SAML SSO

The Joomla SAML Single Sign On SSO plugin supports SSO with G Suite / Google Apps (Google Apps Login / Login with G Suite / Login with Google Apps / G Suite login), allowing users in your organization to log in to your Joomla site using their organization's Google Apps credentials.

We offer seamless integration between Joomla Single Sign On (SSO) and Google Apps Login (Login with Google Apps), allowing you to assign Roles / Groups controls to your users based on their membership in Google Groups or Organizational Units.

Our Joomla SSO plugin enables showing user’s Google Profile photo in place of their avatars across out the site (available with Custom integration) in addition to Google Apps Login / SSO with GSuite / Login using G Suite / Login with Google Apps / Login using Google Apps / G Suite login.

PingFederate SAML SSO

The Joomla SAML Single Sign On (SSO) plugin is Federation-compatible, allowing your students or employees to connect to the Joomla site using their university credentials from any federation such as IN Common, HAKA, HKAF, and so on.
The Federation SSO add-on is required to enable the Federation Joomla Single Sign-On (SSO).

Salesforce Community SAML SSO

The Joomla SAML Single Sign On SSO plugin enables your Salesforce community users to log in to the Joomla site using their Salesforce user’s credentials (Login with Salesforce / Salesforce Login).
Salesforce Login / Salesforce Single Sign-On / Salesforce Community SSO /Login using Salesforce, are all supported by our Joomla Single Sign-On (SAML SSO) plugin.

Keycloak SAML SSO

The Joomla SAML Single Sign On SSO plugin supports Single Sign-On SSO with Keycloak / Login with Keycloak / Keycloak Login / Keycloak Single Sign-On, allowing users to log in to your Joomla site using their Keycloak server credentials (Keycloak SSO). Users can be assigned different Joomla roles/groups depending on their Keycloak groups and Keycloak capabilities.

ADFS SAML SSO

Your users can login to Joomla site by using your ADFS user’s credentials.
Login with ADFS / ADFS SSO employs the secure SAML authentication as suggested by ADFS, including 2-factor Auth if enabled for your ADFS accounts.
ADFS Login / Login with ADFS / ADFS SSO (ADFS Single Sign On) enables you to connect your Joomla site to multiple ADFS servers.

OneLogin SSO

The Joomla SAML Single Sign On (SSO) plugin supports all OneLogin SSO use cases, including login to Joomla using OneLogin users’ credentials. We also offer OneLogin integration to automate user creation, updating, and deletion from OneLogin to your Joomla site.

You may activate OneLogin User Provisioning by utilizing our SCIM user provisioning add-on along with SAML SSO plugin.

Our Joomla SAML Single Sign-On plugin also supports SSO for school and university use-cases such as ClassLink SSO or ClassLink Login onto your Joomla site (ClassLink Single Sign-On).

Firebase Authentication
The Firebase Authentication SDK includes methods for creating and managing users who sign in with their email addresses and passwords.

LIST OF SUPPORTED IDPS

• Azure AD (Login with Azure AD)
• Azure AD B2C (Login using Azure AD B2C)
• Keycloak (Login with Keycloak)
• ADFS (Login with ADFS)
• Okta (Login with Okta)
• Salesforce (Login using Salesforce)
• Shibboleth2 (Login using shibboleth2)
• Shibboleth3 (Login with shiboleth3)
• GSuite login / Login with Google Apps / Login using Google Apps directory (Login GSuite login/google apps)
• miniOrange IDP (supports SAML SSO)
• Onelogin (Login with Onelogin)
• Centrify (Login with Centrify)
• SimpleSAMLphp (Login with SimpleSAMLphp )
• OpenAM (Login with OpenAM)
• Ping Federate (Login with Ping)
• PingOne (PingOne SSO)
• RSA Secure ID (Login with RSA Secure ID)
• IBM (Login with IBM)
• Oracle (Login with Oracle)
• Bitium (Login with Bitium)
• WSO2 (Login with WSO2)
• NetIQ (supports SAML SSO)
• LastPass (LastPass SSO)
• Auth Anvil (Auth Anvil SSO)
• Auth0 (Login with Auth0)
• Windows sso (Login with Windows sso)
• Wordpress (Login with Wordpress)
• Drupal (Login with Drupal)
• Magento (Login with Magento)
• Office 365 (Login with Office 365)
• Salesforce community (Login with Salesforce community)
• Classlink (Login with Classlink)
• Absorb LMS (Login with Absorb LMS)
• Gluu server (Login with Gluu server)
• Jumpcloud (Login with Jumpcloud)
• Identity server4 (Login with Identity server4)
• VMware (Login with VMware)
• Degreed (Login with Degreed)
• CyberArk (Login with CyberArk)
• Duo (Login with Duo)
• Fusion Auth (Login with Auth)
• SiteMinder (Login with SiteMinder)
• SecureAuth (Login with SecureAuth)
• Fonteva (Login with Fonteva)
• SURFContext (Login with SURFContext)
• Phenixld (Login with Phenixld)
• OpenAthens (Login with OpenAthens)
• CA Identity (Login with CA Identity) and practically any SAML-compliant Identity Provider.

If you require any Single Sign On ( SSO ) application or need any help with installing this plugin, please feel free to email us at joomlasupport@xecurify.com or Contact us.

REAL TIME USER PROVISIONING USING SCIM

It provides real time user-provisioning (sync) from your IDP to your Joomla site using SCIM(System for Cross-domain Identity Management) standard. SCIM is an open standard HTTP-based protocol for automating the communication of user identification information between identity domains, or IT systems. SCIM intends to make cloud user provisioning and management as simple as possible. When an Identity Provider creates, updates, or deletes a user, that user will also be added, updated, or deleted from the Joomla site. Your IDP should be supported for the SCIM standard to the User Provisioning (sync) in order to utilize this plugin.
Joomla SCIM plugin features.

Dependencies
NONE
24/7 Support
If you require any SAML Single Sign On (SSO) extensions or need any assistance with installing this plugin or if you have any questions, please feel free to reach out to us on our 24*7 support at joomlasupport@xecurify.com or Contact us.
WEBSITE
You can visit our website to find out more security related solutions https://plugins.miniorange.com/joomla/. For more support or info email us at joomlasupport@xecurify.com. You can also submit your query from the plugin’s configuration page.