Applications
Applications using MangoApps as the Identity Provider (IDP)
This section provides details on how to configure SAML 2.0 & OAuth2 applications to authenticate against MangoApps as an IDP or OAuth Provider.
1. List of configured applications: Displays a list of all the Admin configured applications.
2. Setup Instructions: A step-by-step guide to integrating the respective application with MangoApps.
3. Manage Settings: Allows you to edit the existing configuration for the application.
4. Toggle Bar: Click the toggle bar to enable/disable the application.
5. Add Applications: You can choose from a list of 13 out-of-the-box widely used applications for quick configuration. Additionally, you can add a custom SAML or OAuth2 application.
Adding a pre-configured SAML Application
When configuring a SAML application, your application acts as the Relying Party/Service Provider (SP) that redirects browser traffic from the client to MangoApps, the IDP (Identity Provider), for authentication.
In the Admin Portal, click on SSO, then click on Applications. Click on ‘Add Application’. Select one of the preconfigured applications.
1. Confirm the Application label.
2. Verify the prepopulated values, viz. ACS URL & Entity ID of the SP (Service Provider).
3. Select the user identifier/nameid to be either Email or samAccountName or EmployeeID.
4. Use the SSO & SLO URL to configure the SP side settings.
Adding a custom SAML & OAuth2 Application
If you’d like to add applications that aren’t in our catalog, you can create a custom application.
Custom SAML Application
The following steps are specific to the Custom SAML application and are required in order to enable SSO for Custom SAML.
1. Customize the Application Name and Logo to easily identify your Custom SAML app.
2. Select the Sign On method as SAML.
3. Enter the ACS URL (Assertion Consumer Service). This is the endpoint where the SAML Response/Assertion from MangoApps is sent with an HTTP POST.
4. Enter a logout URL where users would be redirected after signing off from the custom application.
5. Enter an Entity ID from the SP (Service Provider) side. An entity ID is a globally unique name for a SAML entity. In this case it’s for the SP.
6. Select the user identifier, which is the NameID element in the SAML assertion.
7. Select the format of the identifier/NameID in the SAML assertion.
8. Select the type of User attributes to be sent to the application in the SAML assertion.
9. Copy the ‘SSO URL’ and paste it on the SP side. This URL will serve the authentication requests sent by the clients.
10. Copy the ‘SLO URL’ where the application would send the logout request.
(Optional)
11. Enable advanced security to encrypt the SAML messages from MangoApps.
12. Select the algorithm to encrypt the SAML response.
13. Paste the x509 certificate of the application/SP.
14. Enter the Private Key to encrypt the SAML response.
15. Enter Pass key to access the Private key (if the Private key is password protected).
Custom OAuth2 Application
This topic covers how to add the custom OAuth2 Client application to the Admin Portal and describes the available configuration fields and options.
1. Customize the Application Name and Logo to easily identify your Custom OAuth2 app.
2. Select the Sign On method as OpenID Connect/OAuth2.
3. Specify the application type that’ll be using OAuth2. A Web application uses OAuth’s implicit grant, while a Mobile application uses the authorization code grant flow.
4. Enter the endpoint(s) where MangoApps will send the OAuth responses. For multiple endpoints, specify each endpoint on a new line.
5. Enter the URL where users would be redirected to after a logout.
6. App URL is explicitly required for the Mobile applications.
7. Copy the Discovery URL / OAuth2 metadata and use it while configuring the application side.
8. Select the type of User attributes to be sent to the application in SAML assertion.
9. (Optional) Use the ‘User Profile URL’ to fetch additional user attributes configured in MangoApps.