Windows Single Sign-On (SSO) for University of Aruba
The University of Aruba (UA) is a modern university offering higher education, research, and social services to Aruba and the surrounding regions. The current four Faculties and the various University Centers strive to contribute to the academic discussion, participate in the sustainable development of Aruba, and promote critical open-minded thinking. Providing these services is a critical part of UA’s mission to give back to the Aruban community.
miniOrange provides a Windows Single Sign-On solution for the University of Aruba that allows students and staff to SSO into their day-to-day applications from inside or outside the university. Inside the university, once students authenticate to the Windows domain/laptop, they can log in to the configured applications (GSuite, for example) without re-entering their credentials for any of them and without authenticating against AD again.
How does miniOrange Single Sign-On service work for University of Aruba?
miniOrange has achieved this solution by installing a component on the Windows Server that acts as an Identity Provider and performs Kerberos authentication. When a staff member or student tries to access a cloud application like GSuite (Google Apps), the request is sent to the miniOrange SSO Server. The miniOrange SSO Server, in turn, asks the miniOrange Identity Provider module installed on the Windows machine whether a user is logged into the machine, and performs SSO based on the response from the module.
For those accessing applications from outside the university network, when the miniOrange Identity Provider module finds that the student or staff member is not logged in, they are prompted to enter their AD credentials, and the miniOrange SSO Server performs SSO based on this authentication.
This solution involves three basic steps:
1. Enabling Windows/Kerberos Authentication on the domain
2. Installing the miniOrange SAML module on Windows, configuring it with the miniOrange SSO server, and adding the miniOrange SAML module (installed on the Windows machine) as an Identity Source in the miniOrange SSO server
3. Connecting cloud applications to miniOrange SSO server
To reduce syncing tasks for administrators, miniOrange has also deployed a Directory Sync tool in the DMZ of the university. It syncs users from Active Directory (AD) to miniOrange, and if a user changes their password from the miniOrange Console, the change is updated in AD as well.
Advantages of using miniOrange SSO
- Ease of Access – Students and staff of the university no longer have to manage multiple sets of usernames and passwords for different applications; they log in with one set of credentials.
- Ease of Password Change – Staff and students now have a console (the miniOrange SSO Server console) from which they can easily change their account passwords. Their passwords are synced to AD.
- Ease of User Sync – The administrator does not need to worry about syncing users between miniOrange and AD. Any new staff member or student added to AD is synced to miniOrange.
- Cost-Effective – This solution is very cost-effective, given the pricing we offer for the miniOrange SAML SSO module installed on-premise, the Directory Sync Tool, and provisioning of other solutions.