ONLINE DOCUMENTATION
www.defensx.com
Secure Industries, Inc 101 Avenue of The Americas, Floor 9 New York, NY 10013

MiniOrange Integration

Configuring MiniOrange Integration

Configuring MiniOrange integration with DefensX requires 3 basic steps:

  • Create a JWT application on MiniOrange and configure the attributes which will be used to map user groups in DefensX

  • Update the MiniOrange integration settings in DefensX Backend

  • Deploy the DefensX Agents with Enable IAM User option selected

Creating JWT Application on MiniOrange

Login your MiniOrange portal and click on the Apps and click on the Add Application button:

1

On the next step you will be prompted about which type of application you want to create. In this step, click on the JWT group.

After that you will see a list of applications with icons. In this step please select the application icon named JWT App like below:

2

Now you will be redirected to application settings page of the newly created app. Just enter following inputs in this page:

Setting Description

Custom App Name

DefensX Integration

Redirect-URL

https://cloud.defensx.com/miniorange/callback

Group Name

Just leave it as "DEFAULT"

Policy Name

Just leave it as is, you can also change the name and create some rules later about the restrictions for this integration

Login Method

You can select the default Password method or OTP/Push/Mobile Token if you want

and click on the Save button.

Getting SSO URL from MiniOrange

Your application created, now you can get Single Sign-On URL specific to your newly created application. To do so, please click on the Apps link from the left menu, find your newly created app, click on the Select link on the line and select the Edit menu item here:

3

In the application settings page below, please make following settings:

Setting Description

Primary Identity Provider

Select your primary identity provider in MiniOrange system

Attributes

Do not make any settings in this section. All of user attributes (including custom profile attributes) will be provided by MiniOrange to DefensX when a user trying to use Single Sign-On

Single Sign-on URL

You’ll need to copy this URL and paste it on the DefensX backend at the last step
orange4

Downloading MiniOrange Application Certificate

In order to make integration secure, you need to download the certificate for the newly created app and use it on the last step when configuring the app within DefensX backend.

To do this:

  • click on the Apps link on the left menu

  • find the newly created DefensX Integration application and click on the Select link on the right hand side

  • click on the Certificate item which will trigger a download a file named RSA256Cert.crt

We’ll use this certificate file on the next step.

Tip
 If you’re getting a 404 error while trying to download the certificate from MiniOrange, please wait a few seconds and try it again.

Configuring MiniOrange in DefensX Backend

Now application setup completed on the MiniOrange, you just need to make a few configuration in DefensX backend.

Login the DefensX Backend, go to SettingsMiniOrange Integration page and make following settings to complete your integration:

Key Description

Single Sign-On URL

Just paste the Single Sign-On URL which you can copy it from the AppsDefensX IntegrationEdit menu.

MiniOrange Client ID

If you have copy pasted Single Sign-ON URL (which also includes Client ID) it will automatically pasted here too. But if that doesn’t work, you can copy your MiniOrange client id here manually

Attribute name of the user’s groups

If you want to use a custom profile attribute in MiniOrange to differentiate users in DefensX, just enter the attribute name here (case sensitive). Otherwise, you should enter groups here for getting user groups from MiniOrange in default form.

MiniOrange Certificate

Click on the Upload PEM Certificate button and select the downloaded certificate file on previous step

and click on the Save button.

Go to the SettingsGlobal Settings and enable the MiniOrange Signin feature if it is not enabled.

Testing

You have configured your MiniOrange → DefensX Integration application. Now it is time to install DefensX Agent in a computer.

In this step, please make sure to Enable IAM User option is not disabled while deploying the agent. You can also choose to create another "Endpoint Deployment Group" with selecting "External Identity Provider" when asked.

Caution
 If the Enable LOGON User option is also enabled, a user in DefensX backend will be created on behalf of Windows Logon user. If you don’t want to create users like this way, it is important to disable the "Enable LOGON User" feature when deploying the agent.

After your DefensX Agent starts running on the client computer, please find the DefensX icon in the Tray Applications, click on the icon and select the Sign in menu. You’ll be redirected to the MiniOrange backend and if you don’t have a session on the MiniOrange, it will ask your credentials to authenticate yourself. Afterwards you’ll be redirected to DefensX and your user and group relationships will be created DefensX automatically.

Warning
 When you’ve created the application in the MiniOrange, it can take up to 10 minutes to become active in Single Sign-On integration. If you’re getting error, please wait a few minutes and try again.