miniorange_saml
The module functions as a SAML Service Provider (SP) and can be configured to enable Single Sign-On (SSO) between the Drupal site and a SAML-compliant Identity Provider (IdP), such as Microsoft Entra ID, Google Apps, ADFS, Salesforce, Okta, Shibboleth, miniOrange, and others. This configuration ensures secure authentication between the Drupal site and the IdP.
What are the benefits of implementing SAML SSO with Drupal?
SSO, based on the SAML specification, provides organizations with the ability to maintain strong security controls through centralized management of authentication. In the case of Drupal SSO, user credentials are not stored locally within Drupal; instead, authentication and access control are delegated to a trusted Identity Provider.
Thus, organizations utilizing Drupal with SAML SSO can:
- Enhance user experience without compromising on security.
- Improve system security by shrinking the attack surface and reducing the chances of leaked credentials.
- Continuously monitor and govern access to mission-critical resources and sensitive data.
- Combine it with an automated User Provisioning solution to avoid manual onboarding and offboarding errors.
These benefits make SAML SSO an ideal choice for enterprise implementations of Drupal, intranets, and portals, as well as external customer-facing applications.
Module Features
- Easy Configuration: Quickly configure the module with any SAML-compliant IdP using a few simple steps. Comprehensive documentation is available for guidance. Supports setup via metadata URL or metadata file.
- Multiple IdP Support: Allows configuration of multiple IdPs.
- Single Logout (SLO): The module supports the SLO feature. With this feature, users can log out of Drupal and automatically be logged out of all connected Identity Providers (IdPs).
- Strict IdP-Based Login: Enforces login using only IdP credentials, redirecting users to the IdP and restricting access to the Drupal login page.
- Profile Module Mapping: Supports mapping attributes to profiles created using the profile module.
- Attribute Mapping: Map IdP attributes to Drupal user fields seamlessly.
- Role Mapping: Assign user roles in Drupal based on attribute values from the IdP.
- Attribute-Based SSO: Control user login based on IdP response attributes like role, department, or group membership.
- Domain-Based IdP Redirection: Redirect users to specific IdPs based on their email domain in multi-IdP setups.
- Post-Login/Logout Redirection: Redirect users to a static page after login or logout.
Note: A few features are available in the upgraded versions of the module.
Complementary modules
- User Provisioning & Sync: This module helps automate user account provisioning and deprovisioning while syncing user roles and groups between the server and the client.
- API Authentication: The Drupal REST & JSON API Authentication module secures Drupal APIs using methods like Basic Auth, API Keys, JWT, and more.
Need any help?
If you face any issues or need any help with configuration, please feel free to reach out to us at [email protected]. You can also connect with us on the Drupal Slack channel.