Joomla SAML Single Sign-On (SSO) – SAML SSO Login Authentication | Login to Joomla

To know more about SSO click here

JOOMLA SINGLE SIGN-ON ( SSO ):-

Joomla Single Sign-On (SSO) is an authentication procedure that allows a user to log in to various apps and/or websites using a single set of login credentials (such as username and password). This eliminates the need for the user to log in to each application individually.

Joomla Single Sign-On Service Provider also enables you to manage login and achieve Single Sign On (SSO) with Azure AD, Azure B2C, GSuite / Google Apps, Okta, ADFS, Keycloak, Salesforce, Office 365, Shibboleth2, Shibboleth3, OneLogin, PingFederate, ClassLink, FusionAuth, Absorb LMS or any SAML compliant Identity Provider so that your users can login to Joomla Site by using Identity Provider’s (IDP) users credentials.

The miniOrange Joomla Single Sign on (SAML SSO) Plugin is a SAML 2.0 Service Provider that can be configured to establish trust between the Joomla site and a SAML 2.0 compliant Identity Provider in order to securely authenticate users to Joomla sites. This makes it feasible for your users to log in to the Joomla site in a safe and secure manner.

Free Version Features:-

• Login Using IDP Credentials – SAML SP helps login to your Joomla site using SAML 2.0 compliant Identity Providers credentials.

• Automatic User Registration – If the user is not already registered with your Joomla site, they will automatically register following a successful login.

• Easy to set up – You can easily configure our plugin with any IDP by simply uploading the IDP metadata file/URL with a single click.

• Basic Group Mapping– Assign the default registered group to users on registration and login.

• Export Configuration– Download the plugin configuration file to transfer your plugin configurations when upgrade your license.

• Update SP Entity ID and base URL.

• Step by step setup guides/ videos.

License Version Features :-

All the Free version features.

• Unlimited user creation and authentication with multiple Identity Providers.

• Single Logout (SLO) – Support for SAML Single Logout where you will be logged out from all applications with single action. (Make sure your IDP also supports SLO)

• Auto-redirect to IDP – If you want to limit access to your website to users who are logged in, then you can choose this option, users will be sent to your IDP if a logged-in session cannot be detected. Then after successful authentication will be redirected to the Joomla site.

• Auto-redirect to IDP for /administrator URL – If you want to restrict the backend of your site to only logged-in users using SSO. Then selecting this option will redirect the users to your IDP if the logged-in session is not found. Then after successful authentication will be redirected to the Joomla backend.

• Backdoor login for Superuser/administrator – In the event that you lose access to your IDP, checking this option establishes a backdoor that allows you to log into your Joomla backend using your Joomla credentials.

• Disable auto-creation of users if the user does not exist – Existing Joomla users are the only ones who can log in using SSO if you enable this functionality. New users won't be created into your Joomla site.

• Advanced Attribute Mapping - Use this feature to map your IDP attributes to your Joomla site attributes like Username, Email, First Name, Last Name, Display Name, user profile attribute, field attributes and contact attributes.

• Advanced Group Mapping – Use this feature to assign Joomla group to your users based on the group sent by your IDP.

• Force Authentication – Force Authentication allows users to redirect to IDP to re-authenticate, even if an active session is detected

• Multiple SAML IDPs Support – We support the configuration of Multiple IDPs in the plugin to authenticate the different groups of users with different IDPs.

• Integrated Windows Authentication – Support for Integrated Windows Authentication (With ADFS)

• Binding Type – Select HTTP-POST or HTTP-Redirect binding type to use for sending SAML Requests.

• Generate Custom SP Certificate - You can upload or generate your own certificates.

• Select a Signature algorithm - You can select any signing algorithm according to your requirement.

• Anonymous user - Joomla SAML Single Sign On (SSO) also enables Anonymous Connect (Guest User Login) for your Joomla site, allowing your users to login to the Joomla site using their IDP credentials without having to create new users.

• Auto-sync IDP Configuration from metadata

• Store Multiple IDP certificates

• Custom admin Login URL

• Customize plugin depending upon the requirement

If you want to see license version features of plugin you can prefer this video demonstration.

JOOMLA SINGLE SIGN-ON ( SSO ) SUPPORTED ADD-ONS

We have various add-ons to extend the functionality of SAML SSO plugin which can be easily integrated with your Joomla site.

• Page and Article Restriction – Page and Article Restriction allows you to prevent unauthorized users from accessing certain pages or articles, as well as redirecting users to a specific page after SSO.

• Integrate with Community Builder – It enables you to link the Community Builder profiles together. So that you can easily map the community builder's attributes with the IDPs attributes.

• SSO Login Audit – This addon captures all actions of SSO users and will generate the reports.

• Role Based Redirection – This add-on allows you to redirect your users to specific pages/articles based on the roles/groups of the users in Joomla site.

• Media Restriction – This add-on allows you to prevent users who are not logged in from accessing certain files or folders.

• Cross Domain Login between Joomla Sites – You may share the login across two Joomla websites (cross-domain, same domain, or sub-domain) by simply entering the other Joomla site URL in the plugin configuration settings. By including the HTML button on the current Joomla site, the user will be able to log in to the other Joomla domain. Please ensure that this plugin has been installed and activated on both Joomla sites. In order to access this function, users must be present on both sites.

JOOMLA SINGLE SIGN-ON ( SSO ) USE-CASES:

Joomla SAML Single Sign On ( SSO ) supports all kinds of SSO use cases such as Azure login into Joomla, Office 365 Single Sign On SSO, Login with Azure B2C, Azure B2C login, Login with Azure AD B2C, Azure AD B2C login, ADFS login into Joomla, Login with ADFS, Okta login, OneLogin SSO, Salesforce login, Login using Salesforce, Google Apps login, Google Apps Single Sign On SSO, Login with Google Apps, Login using G Suite, Gsuite login into Joomla, Keycloak login, Auth0 login, Shibboleth login, Login using Shibboleth, Login with Ping, PingFederate login, ClassLink SSO, FusionAuth SSO, Absorb LMS SSO etc allowing your users to securely login to the Joomla site.

Azure AD SAML SSO

Azure SSO use cases supported by the Joomla SAML Single Sign On (SSO) plugin include Azure AD SSO (Azure AD Single Sign-On), Azure B2C SSO, Azure B2C login, Login with Azure AD, Login using Azure AD, Office 365 SSO (Office 365 Single Sign On SSO), Login with Office 365, Office 365 Login, Login with Azure B2C, Login with Azure AD B2C login.
You may allow users from several Azure or Office 365 tenants to login to your Joomla site.

You may watch this video to learn how to set up Azure AD SSO with Joomla.

We provide support for SSO with Azure AD Multi-tenants, Azure AD B2B Login as well as Azure AD B2C login.

The Joomla SAML Single Sign On SSO plugin enables users from any Azure AD tenancy to login to the Joomla site.

Google Apps SAML SSO

The Joomla SAML Single Sign On SSO plugin supports SSO with G Suite / Google Apps (Google Apps Login / Login with G Suite / Login with Google Apps / G Suite login), allowing users in your organization to log in to your Joomla site using their organization's Google Apps credentials.

We offer seamless integration between Joomla Single Sign On (SSO) and Google Apps Login (Login with Google Apps), allowing you to assign Roles / Groups controls to your users based on their membership in Google Groups or Organizational Units.

Our Joomla SSO plugin enables showing user’s Google Profile photo in place of their avatars across out the site (available with Custom integration) in addition to Google Apps Login / SSO with GSuite / Login using G Suite / Login with Google Apps / Login using Google Apps / G Suite login.

You may watch this video to learn how to set up Google Apps SSO with Joomla.

PingFederate SAML SSO

The Joomla SAML Single Sign On (SSO) plugin is Federation-compatible, allowing your students or employees to connect to the Joomla site using their university credentials from any federation such as IN Common, HAKA, HKAF, and so on.
The Federation SSO add-on is required to enable the Federation Joomla Single Sign-On (SSO).

Salesforce Community SAML SSO

The Joomla SAML Single Sign On SSO plugin enables your Salesforce community users to log in to the Joomla site using their Salesforce user’s credentials (Login with Salesforce / Salesforce Login).
Salesforce Login / Salesforce Single Sign-On / Salesforce Community SSO /Login using Salesforce, are all supported by our Joomla Single Sign-On (SAML SSO) plugin.

Keycloak SAML SSO

The Joomla SAML Single Sign On SSO plugin supports Single Sign-On SSO with Keycloak / Login with Keycloak / Keycloak Login / Keycloak Single Sign-On, allowing users to log in to your Joomla site using their Keycloak server credentials (Keycloak SSO). Users can be assigned different Joomla roles/groups depending on their Keycloak groups and Keycloak capabilities.

You may watch this video to learn how to set up Keycloak SSO with Joomla.

ADFS SAML SSO

Your users can login to Joomla site by using your ADFS user’s credentials.
Login with ADFS / ADFS SSO employs the secure SAML authentication as suggested by ADFS, including 2-factor Auth if enabled for your ADFS accounts.
ADFS Login / Login with ADFS / ADFS SSO (ADFS Single Sign On) enables you to connect your Joomla site to multiple ADFS servers.

You may watch this video to learn how to set up ADFS SSO with Joomla.

OneLogin SSO

The Joomla SAML Single Sign On (SSO) plugin supports all OneLogin SSO use cases, including login to Joomla using OneLogin users’ credentials. We also offer OneLogin integration to automate user creation, updating, and deletion from OneLogin to your Joomla site.

You may activate OneLogin User Provisioning by utilizing our SCIM user provisioning add-on along with SAML SSO plugin.

Our Joomla SAML Single Sign-On plugin also supports SSO for school and university use-cases such as ClassLink SSO or ClassLink Login onto your Joomla site (ClassLink Single Sign-On).

LIST OF SUPPORTED IDPS

• Azure AD (Login with Azure AD)
• Azure AD B2C (Login using Azure AD B2C)
• Keycloak (Login with Keycloak)
• ADFS (Login with ADFS)
• Okta (Login with Okta)
• Salesforce (Login using Salesforce)
• Shibboleth2 (Login using shibboleth2)
• Shibboleth3 (Login with shiboleth3)
• GSuite login / Login with Google Apps / Login using Google Apps directory (Login GSuite login/google apps)
• miniOrange IDP (supports SAML SSO)
• Onelogin (Login with Onelogin)
• Centrify (Login with Centrify)
• SimpleSAMLphp (Login with SimpleSAMLphp )
• OpenAM (Login with OpenAM)
• Ping Federate (Login with Ping)
• PingOne (PingOne SSO)
• RSA Secure ID (Login with RSA Secure ID)
• Oracle (Login with Oracle)
• Bitium (Login with Bitium)
• WSO2 (Login with WSO2)
• NetIQ (supports SAML SSO)
• LastPass (LastPass SSO)
• Auth Anvil (Auth Anvil SSO)
• Auth0 (Login with Auth0)
• Windows sso (Login with Windows sso)
• Wordpress (Login with Wordpress)
• Drupal (Login with Drupal)
• Office 365 (Login with Office 365)
• Salesforce community (Login with Salesforce community)
• Classlink (Login with Classlink)
• Absorb LMS (Login with Absorb LMS)
• Gluu server (Login with Gluu server)
• Jumpcloud (Login with Jumpcloud)
• Identity server4 (Login with Identity server4)
• Degreed (Login with Degreed)
• CyberArk (Login with CyberArk)
• Duo (Login with Duo)
• Fusion Auth (Login with Auth)
• SiteMinder (Login with SiteMinder)
• SecureAuth (Login with SecureAuth)
• Fonteva (Login with Fonteva)
• SURFContext (Login with SURFContext)
• Phenixld (Login with Phenixld)
• OpenAthens (Login with OpenAthens)
• CA Identity (Login with CA Identity)
• IBM (Login with IBM)
• Magento (Login with Magento)
• VMware (Login with VMware) and practically any SAML-compliant Identity Provider.

If you require any Single Sign On ( SSO ) application or need any help with installing this plugin, please feel free to email us at joomlasupport@xecurify.com or Contact us.

REAL TIME USER PROVISIONING USING SCIM

It provides real time user-provisioning (sync) from your IDP to your Joomla site using SCIM(System for Cross-domain Identity Management) standard. SCIM is an open standard HTTP-based protocol for automating the communication of user identification information between identity domains, or IT systems. SCIM intends to make cloud user provisioning and management as simple as possible. When an Identity Provider creates, updates, or deletes a user, that user will also be added, updated, or deleted from the Joomla site. Your IDP should be supported for the SCIM standard to the User Provisioning (sync) in order to utilize this plugin.

Dependencies
NONE
24/7 Support
If you require any SAML Single Sign On (SSO) extensions or need any assistance with installing this plugin or if you have any questions, please feel free to reach out to us on our 24*7 support at joomlasupport@xecurify.com or Contact us.
WEBSITE
You can visit our website to find out more security related solutions https://plugins.miniorange.com/joomla/. For more support or info email us at joomlasupport@xecurify.com. You can also submit your query from the plugin’s configuration page.