Browse Docs
MiniOrange Integration
Configuring MiniOrange Integration
Configuring MiniOrange integration with DefensX requires 3 basic steps:
-
Create a JWT application on MiniOrange and configure the attributes which will be used to map user groups in DefensX
-
Update the MiniOrange integration settings in DefensX Backend
-
Deploy the DefensX Agents with Enable IAM User option selected
Creating JWT Application on MiniOrange
Login your MiniOrange portal and click on the Apps and click on the Add Application button:
On the next step you will be prompted about which type of application you want to create. In this step, click on the JWT group.
After that you will see a list of applications with icons. In this step please select the application icon named JWT App like below:
Now you will be redirected to application settings page of the newly created app. Just enter following inputs in this page:
| Setting | Description |
|---|---|
Custom App Name |
DefensX Integration |
Redirect-URL |
|
Group Name |
Just leave it as "DEFAULT" |
Policy Name |
Just leave it as is, you can also change the name and create some rules later about the restrictions for this integration |
Login Method |
You can select the default Password method or OTP/Push/Mobile Token if you want |
and click on the Save button.
Getting SSO URL from MiniOrange
Your application created, now you can get Single Sign-On URL specific to your newly created application. To do so, please click on the Apps link from the left menu, find your newly created app, click on the Select link on the line and select the Edit menu item here:
In the application settings page below, please make following settings:
| Setting | Description |
|---|---|
Primary Identity Provider |
Select your primary identity provider in MiniOrange system |
Attributes |
Do not make any settings in this section. All of user attributes (including custom profile attributes) will be provided by MiniOrange to DefensX when a user trying to use Single Sign-On |
Single Sign-on URL |
You’ll need to copy this URL and paste it on the DefensX backend at the last step |
Downloading MiniOrange Application Certificate
In order to make integration secure, you need to download the certificate for the newly created app and use it on the last step when configuring the app within DefensX backend.
To do this:
-
click on the Apps link on the left menu
-
find the newly created DefensX Integration application and click on the Select link on the right hand side
-
click on the Certificate item which will trigger a download a file named RSA256Cert.crt
We’ll use this certificate file on the next step.
|
Tip
|
If you’re getting a 404 error while trying to download the certificate from MiniOrange, please wait a few seconds and try it again. |
Configuring MiniOrange in DefensX Backend
Now application setup completed on the MiniOrange, you just need to make a few configuration in DefensX backend.
Login the DefensX Backend, go to Settings → MiniOrange Integration page and make following settings to complete your integration:
| Key | Description |
|---|---|
Single Sign-On URL |
Just paste the Single Sign-On URL which you can copy it from the Apps → DefensX Integration → Edit menu. |
MiniOrange Client ID |
If you have copy pasted Single Sign-ON URL (which also includes Client ID) it will automatically pasted here too. But if that doesn’t work, you can copy your MiniOrange client id here manually |
Attribute name of the user’s groups |
If you want to use a custom profile attribute in MiniOrange to differentiate users in DefensX, just enter the attribute name here (case sensitive). Otherwise, you should enter |
MiniOrange Certificate |
Click on the Upload PEM Certificate button and select the downloaded certificate file on previous step |
and click on the Save button.
Go to the Settings → Global Settings and enable the MiniOrange Signin feature if it is not enabled.
Testing
You have configured your MiniOrange → DefensX Integration application. Now it is time to install DefensX Agent in a computer.
In this step, please make sure to Enable IAM User option is not disabled while deploying the agent. You can also choose to create another "Endpoint Deployment Group" with selecting "External Identity Provider" when asked.
|
Caution
|
If the Enable LOGON User option is also enabled, a user in DefensX backend will be created on behalf of Windows Logon user. If you don’t want to create users like this way, it is important to disable the "Enable LOGON User" feature when deploying the agent. |
After your DefensX Agent starts running on the client computer, please find the DefensX icon in the Tray Applications, click on the icon and select the Sign in menu. You’ll be redirected to the MiniOrange backend and if you don’t have a session on the MiniOrange, it will ask your credentials to authenticate yourself. Afterwards you’ll be redirected to DefensX and your user and group relationships will be created DefensX automatically.
|
Warning
|
When you’ve created the application in the MiniOrange, it can take up to 10 minutes to become active in Single Sign-On integration. If you’re getting error, please wait a few minutes and try again. |