Google Apps SSO

  • Kalpesh
    # 4 years, 9 months ago

    Hi,

    With above steps, if you go to mail.abc.com it will redirect you to miniOrange without showing google page.

    So you have to login only one time.

    Thanks,
    Kalpesh

    Natanael
    # 4 years, 9 months ago

    Hi Kalpesh,

    Our client was testing the SSO and there are some question :

    1. They try to connect IMAP or POP3 using outlook or thunderbird, but the connection always failed. Can we still use IMAP or POP3 when we use miniorange?

    2. Issue about logout page, if we use this log URL :
    https://auth.miniorange.com/moas/logout

    after logout google will direct to this page :


    if I login again using this window and click the user name button, miniorange will direct me to new window and I must fill the password.
    The problem is, after I fill the password and login, miniorange will direct me to this window :


    Our client wants to redirect to Gmail directly not to this page.
    If miniorange can redirect to Gmail, so the problem will solve.

    Beside that, I tried to use SAML Logout in Lougout URL :
    https://auth.miniorange.com/moas/abc.com/idp/samllogout

    if we use that link, when we logout, miniorange will direct us to this page :


    after we fill the username and password, miniorange will direct us to the correct page, (Gmail Page).This scenario is that our client needs.

    But the problem is, if we close the browser and open the browser again and type mail.abc.com in browser address bar, browser will redirect us to Gmail page without login page and user not required fill the username and password.
    I think this is like browser still have the previous cache and cookies, so user can go to gmail without login.  All browser give us the same result. Our client worried about this security issue.
    Please let me know, what is the best solution for this problem?

    3. We want to whitelist miniorange IP in our client network environment, please let me know miniorange IP4 or IP6 which is for IP Whitelist.

    4. I have a little problem with Bulk User Registration, but this is not urgent. We can discuss this after our client agrees and buy miniorange license.

    I will be grateful for any help you can provide. Thanks.

    Best Regards,

    kalpesh
    # 4 years, 9 months ago

    Hi,

    I am sending you answers to your queries. Please check my response below.

    1) Yes. You can still use IMAP or POP3 with miniorange SSO enabled. Can you check in gmail settings that IMAP/POP is enable for account with which you are trying. You can refer this link.

    2) Can you change logout url to below url in your google apps SSO configuration. This will fix you issue.
    https://auth.miniorange.com/moas/logout?redirectto=http://gmail.com

    3) You can whitelist our IP addresses xx.x.xxx.x and xx.x.xxx.x.

    Let me know if you get any issue with above setup.

    Thanks,
    Kalpesh

    Natanael
    # 4 years, 9 months ago

    Hi Kalpesh,

    Thank you for the quick answer Kalpesh. Number 2 and 3 I have try and that can fix the problem, thank you so much.

    for question number 1, I have try that link if using thunderbird, if using normal password we can’t connected with google :

    We can use ouath2 and thunderbird will direct us to miniorange login password :


    we can use this solution in thunderbird but we can’t use this solution for microsoft outlook because outlook can’t use ouath2 authentication:


    Port configuration :


    when we tried to connect abc.gmail.com, always show this error. We use miniorange password.


    If you want to try, you can use that user. This is the credential for that user
    U: test2@abc.com
    P: abcd2017

    Please let me know if there any wrong configuration in outlook setup or I forgot.
    I will be grateful for any help you can provide.

    Thanks.

    Kalpesh
    # 4 years, 9 months ago

    Hi,

    I can try it on my end. Can you create account for me in google apps and send me credentials for login. You will need to also create account for same user in miniOrange and send me credentials for miniOrange also.

    I tried with test2@abc.com but it says account does not exist.

    Thanks,
    Kalpesh

    Kalpesh
    # 4 years, 9 months ago

    Hi Kalpesh,

    Test2@abc.com is new account which created for testing.
    I can login using that account at webmail : mail.abc.com

    password : abcd2017

    For administrator you can access using this account :
    xyz@abc.com
    password : abcde2017

    Thanks.

    Natanael
    # 4 years, 9 months ago

    Nat,

    Thanks for sending me that. I will update you soon.

    Thanks,
    Kalpesh

    Kalpesh
    # 4 years, 9 months ago

    Hi,

    Please check attached guide to configure google apps with outlook. This will also use existing IP restriction configuration to block access outside the office.

    Let me know if you get any issue in setup.

    Thanks,
    Kalpesh

    Natanael
    # 4 years, 9 months ago

    Thanks Kalpesh.

    Muhammad Tahir
    # 3 years, 11 months ago

    Hi,
    I have installed WP plugin for google SAML SSO. i have followed the instructions on the url below https://www.miniorange.com/step-by-step-guide-to-set-up-google-apps-as-idp-for-wordpress

    when i click on test configuration i am getting Error: app_not_configured_for_user. what could be the reason. what did i do wrong?
    Please help

    Kalpesh
    Keymaster
    # 3 years, 11 months ago

    Hi Muhammad.

    Can you please confirm if you have enabled applications for users.

    You need to perform steps below for that.

    Go to configured SAML App, click on the menu link corresponding to your app (See the screenshot below). Then select ON for everyone.

    Let me know if you still see the issue.

Viewing 11 posts - 16 through 26 (of 26 total)

You must be logged in to reply to this topic.