miniOrange SSO (SAML)
To secure access to ngrok with miniOrange Single Sign-On using SAML:
This article details how to configure miniOrange as the primary Identity Provider for ngrok tunnels. By integrating miniOrange SSO with ngrok, you can:
- Restrict access to ngrok tunnels only to users authenticated via miniOrange.
- Use miniOrange security policies and MFA authenticators.
- Use miniOrange's Dashboard to facilitate access to ngrok apps.
Requirements
To configure ngrok tunnels with miniOrange, you must have:
- a miniOrange account with administrative rights to create apps.
- an ngrok Enterprise Account with an authtoken or admin access to configure edges with SAML.
Configuration Steps
To integrate ngrok with miniOrange SSO, you will need to:
- Configure miniOrange with the ngrok app.
- Configure ngrok with the SSO settings provided by miniOrange.
Step 1: Configure miniOrange
- Access miniOrange, and sign in using your miniOrange administrator account.
- On the Dashboard page, click Apps on the left menu, click Add Application, click the SAML/WS-Fed tile, and then click the Custom SAML App tile.
- On the Add App page, enter ngrok SAML in the Custom Application Name field.
- Click the SSO tab, enter temporary values (i.e., https://temporary) in both the SP Entity ID or Issuer and the ACS URL fields, and then click Save.
Step 2: Download the IdP metadata
- On the View Apps page, click Select in the ngrok app line, and then click Metadata.
- On the View IDP Metadata page, click Show Metadata Details, click Download Metadata, and then save the XML file on your desktop.
Step 3: Configure ngrok
To configure an edge with miniOrange:
- Access the ngrok Dashboard and sign in using your ngrok account.
- On the left menu, click Cloud Edge and then click Edges.
- If you don't have an edge already set to add miniOrange SSO, create a test edge:
  - Click + New Edge.
  - Click Create HTTPS Edge.
  - Click the pencil icon next to "no description", enter Edge with miniOrange SSO SAML as the edge name, and click Save.
- On the edge settings menu, click SAML.
- On the SAML page, click Begin setup, click Upload XML, and then open the XML metadata file you downloaded from miniOrange (see Download the IdP metadata).
- Click Save at the top.
Step 4: Download the SP metadata
- On the SAML page of your ngrok edge, click the three dots close to the SP Metadata field, click Download XML File, and then save the XML file on your desktop.
Step 5: Link miniOrange with ngrok
- On the miniOrange Dashboard, click Apps on the left menu, click Select in the ngrok SAML app line, and then click Edit.
- On the Edit Application page, click Import SP Metadata, click File, open the XML metadata file you downloaded from ngrok (see Download the SP metadata), and then click Import.
- On the Edit Application page, click Save.
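A pre-flight check for the two metadata files exchanged in Steps 2 to 5, added here as an example (not ngrok or miniOrange code): it refuses DTDs, confirms the IdP metadata has HTTPS sign-on endpoints and a signing certificate, and confirms the https://temporary placeholders from Step 1 were replaced by the values in ngrok's SP metadata. The function names are hypothetical, the sample XML and example.com URLs are constructed, and each file is assumed to have a single EntityDescriptor root.

```python
import xml.etree.ElementTree as ET

MD, DS = "{urn:oasis:names:tc:SAML:2.0:metadata}", "{http://www.w3.org/2000/09/xmldsig#}"
PLACEHOLDER = "https://temporary"  # temporary value entered in Step 1

def _root(xml_text):
    # Metadata needs no DTD; refuse one instead of letting the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD declarations are not allowed in SAML metadata")
    return ET.fromstring(xml_text)

def check_idp_metadata(xml_text):
    """Findings for the IdP file before it is uploaded to ngrok (empty list = OK)."""
    idp, findings = _root(xml_text).find(MD + "IDPSSODescriptor"), []
    if idp is None:
        return ["no IDPSSODescriptor: not IdP metadata"]
    sso = [s.get("Location", "") for s in idp.findall(MD + "SingleSignOnService")]
    if not sso or not all(u.startswith("https://") for u in sso):
        findings.append("SingleSignOnService missing or not HTTPS")
    certs = [c.text or "" for kd in idp.findall(MD + "KeyDescriptor")
             if kd.get("use", "signing") == "signing"  # no "use" = both purposes
             for c in kd.iter(DS + "X509Certificate")]
    if not any(c.strip() for c in certs):
        findings.append("no signing certificate")
    return findings

def check_sp_link(sp_xml_text, entity_id, acs_url):
    """Compare the values shown in the miniOrange app with ngrok's SP metadata."""
    root, findings = _root(sp_xml_text), []
    acs = [a.get("Location") for a in root.iter(MD + "AssertionConsumerService")]
    if PLACEHOLDER in (entity_id, acs_url):
        findings.append("placeholder from Step 1 still configured")
    if entity_id != root.get("entityID"):
        findings.append("SP Entity ID differs from SP metadata")
    if acs_url not in acs:
        findings.append("ACS URL differs from SP metadata")
    return findings

# Constructed, trimmed samples (not real miniOrange or ngrok output); the IdP one is deliberately flawed.
SAMPLE_IDP = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/meta">
 <IDPSSODescriptor><KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>CONSTRUCTED</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleSignOnService Location="http://idp.example.com/sso"/></IDPSSODescriptor></EntityDescriptor>"""
SAMPLE_SP = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sp.example.com/meta"><SPSSODescriptor><AssertionConsumerService
  index="0" Location="https://sp.example.com/acs"/></SPSSODescriptor></EntityDescriptor>"""
if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_IDP), check_sp_link(SAMPLE_SP, PLACEHOLDER, PLACEHOLDER))
```

To use it on the real files, pass the text of the two downloaded XML files together with the SP Entity ID and ACS URL shown on the miniOrange Edit Application page.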
Step 6: Start a Tunnel
- Access the ngrok edges page, click your edge, and then click Start a tunnel.
  For this step, we assume you have an app running locally (i.e. on localhost:3000) with the ngrok client installed.
- Click the copy icon next to the tunnel command.
- Launch a tunnel:
  - Launch a terminal.
  - Paste the command but replace http://localhost:80 with your localhost app address (i.e., http://localhost:3000).
  - Press Enter and an ngrok tunnel associated with your edge configuration will launch.
- To confirm that the tunnel is connected to your edge:
  - Return to the ngrok dashboard.
  - Close the Start a tunnel and the Tunnel group tabs.
  - Refresh the test edge page. Under traffic, you will see the message "You have 1 tunnel online. Start additional tunnels to begin load balancing."
- In the test edge, copy the endpoint URL. (You use this URL to test the miniOrange authentication.)
Grant access to miniOrange users
miniOrange allows its users to access SAML-integrated apps. To create a user, follow the instructions below:
- On the left menu of the miniOrange Dashboard, click Users and then click User List.
- On the Users page, click Add User, enter values for the Email, Username, First Name, Last Name, and Password fields, and then click Create User.
Test the integration
- In your browser, launch an incognito window with the Endpoints URL of your edge.
- Access your ngrok tunnel using the copied endpoint URL (i.e., https://miniorange-sso-test.ngrok.io).
- You should be prompted to log in with your miniOrange credentials.
- After logging in, you should be able to see your web app.