miniOrange Identity Brokering Service establishes trust between parties wanting to use each other's online identities. It connects multiple Service Providers (SPs) with different Identity Providers (IdPs), eliminating the need to implement complex Single Sign-On (SSO) protocols like SAML, OAuth, OpenID, and CAS. Supporting cross-protocol configurations, it allows Service Providers and Identity Providers using different protocols to connect seamlessly. miniOrange Identity Broker service provides secure and easy access to all your services. It offers flexible deployment options, allowing deployment in your organization's existing environment, whether cloud-based or on-premise. It supports various Identity Providers like ADFS, Microsoft Entra ID, Google Apps, Okta, and user stores like AD/LDAP, databases, CMS, and HR systems.

Features:

• Flexible Identity Provider Integration: Admins can configure multiple SAML, OAuth, and OpenID Connect Identity Providers and define which users or applications authenticate against specific identity sources.
• App based Identity Source: Admins can configure which Identity Source should the users be authenticated from if the authentication request originates from a particular app.
• Domain-based redirection to IDP: Admins can configure the domains of the users who would authenticate against any SAML, OAuth, etc Identity Provider through Identity Broker Service.
• IDP discovery: Users can be redirected to a particular Identity Source automatically without prompting the user to choose his/her Identity Source on each login attempt.
• Assertion Attribute Mapping: Users can get attributes from their IdP and map them to SP user attributes like firstname, lastname with support for custom attributes through miniOrange Broker.
• IDP / SP initiated SSO: With IdP Brokering, users can start SSO from Service Provider (SP) and are then redirected to the Identity Provider (IDP) for authentication and vice-versa.

Login using IDP selection page miniOrange provides Login using the IDP selection page feature, where you can configure multiple IDPs (identity providers) and give users the option to select the IDP of their choice to authenticate with for brokering. Login via Domain Mapping miniOrange Identity Broker Service provides Login via Domain Mapping feature when you have multiple IDPs and you want a certain set of users to authenticate from one IdP whereas another set of users to authenticate from another IdP based on their email domains. Login via App Identity Provider Mapping miniOrange provides Login via App Identity Provider Mapping feature when you have multiple IDPs (identity provider) and you want a certain application user to authenticate with one IDP and other application users with another IDP.