miniorange_saml_idp
The module functions as a SAML Identity Provider (IdP) and enables Single Sign-On (SSO) between your Drupal site and multiple SAML-compliant Service Providers (SPs) such as Moodle, Oracle, Nextcloud, AWS, Freshdesk, Rocket Chat, and many more. By configuring Drupal as an Identity Provider, users can authenticate once using their Drupal credentials and securely access connected applications without logging in again. This setup ensures centralized authentication, improved security, and seamless user access across integrated platforms.
Benefits of Drupal SAML IdP module
SAML-based SSO allows organizations to maintain strong security controls through centralized identity and access management, with secure authentication between Drupal (IdP) and connected Service Providers (SPs).
When Drupal acts as the Identity Provider:
- User authentication is handled centrally within Drupal.
- Connected applications (SPs) rely on Drupal to validate user identity.
- Passwords and authentication logic are not managed separately across multiple applications.
Important Features of the Module
- Multiple applications/service providers: Connect your Drupal site with multiple external applications using Single Sign-On (SSO), enabling users to log in once and access all connected platforms securely without re-entering credentials.
- Both SP and IdP-initiated SSO: Supports both SP-initiated and IdP-initiated Single Sign-On (SSO), enabling authentication to begin either from the Service Provider or directly through Drupal as the Identity Provider.
- SAML Single Logout: Single Logout (SLO) automatically ends the user session across all connected applications when they log out from one platform, ensuring secure and consistent session management.
- Sends user attributes and constant attributes: The module can send user information, such as name, email, and roles, along with constant attributes to the connected applications.
- Profile Module Attributes: The module allows sending attributes from the profile module in the SAML response.
- Signed response and encrypted assertion: Sign SAML responses and encrypt assertions to ensure secure authentication and protect user data during SSO.
- Custom certificate generation: Create and use custom security certificates to sign or encrypt SSO data, improving security.
- 2FA after SSO: Add an extra security step after SSO login by adding Two-Factor Authentication (2FA), such as an OTP sent to the user’s phone or email.
Plans for Every Need
Community
Try out the features
- Unlimited authentications for only the admin
- Supports one application/service provider
- Signs SAML assertions
- Sends basic attributes only in the assertion
- Only SP-initiated SSO is possible
Premium: $450 / year or $45 / month
- Unlimited SSO for all user roles
- Dedicated support engineer
- Supports multiple applications/service providers
- Both SP and IdP-initiated SSO
- Supports SAML Single Logout
- Sends all user attributes and roles in the SAML assertion
- Can send the constant and profile module attributes in the SAML assertion
- Support for signed response and encrypted assertion
- Custom certificate generation
- 2FA before SSO
- Profile module attribute mapping
Complementary modules
- Two Factor Authentication - TFA: This module adds an extra layer of security to your Drupal website with Multi-Factor / Two-Factor Authentication, supporting OTP via email, SMS, and TOTP-based authenticator apps.
- API Authentication: This module secures your Drupal API endpoints by preventing unauthorized access to your site.
Need any help?
If you face any issues or need any help in configuration, please feel free to reach out to us at [email protected]. You can also connect with us on the Drupal Slack channel.