OAuth 2.0

Setting up OAuth 2.0 based SSO integration

MangoApps supports OAuth, an open-standard framework and specification for authorizing client applications to access online resources. Authorization works by requiring a client to obtain an access token from a server, which in turn grants the client access to MangoApps protected resources.

MangoApps supports Google Apps & Office 365 as out-of-the-box connections. Additionally, you can configure a custom (OAuth2) connection using ‘OpenID Connect’. This section describes the steps to configure OAuth2 for MangoApps.

1. Displays the name of the configured OAuth2 Provider.

2. Manage Settings: Allows you to edit the existing configuration for the connection.

3. Configure User Mappings: Syncs the user profile field values from the Provider into MangoApps.

4. Toggle Bar: Click the toggle bar to enable/disable the connection.

5. Add SSO Connection.

Google Apps

Google Apps can be used as an OAuth2 provider to authenticate & authorize the users logging into MangoApps.

1. Select the provider as Google Apps.

2. Confirm the Application label.

3. (Optional) Enabling JIT allows user accounts that do not yet exist to be created in MangoApps. In other words, JIT is the ability to dynamically create user accounts for users authenticated by the OAuth Provider when they access MangoApps for the first time.

4. Enter a logout URL where users would be redirected after signing off from the custom application.

5. Use Enterprise Credentials (ONLY for private cloud & on-premise customers)

Enable this setting if you want MangoApps to use the credentials of the App your company has registered in GoogleApps. Enable this only if you’re a MangoApps private cloud or on-premise customer. If you’re a shared cloud customer, please keep this setting disabled, as MangoApps will automatically handle the app registration.

To begin, obtain OAuth 2.0 client credentials from the Google API Console. Then your client application requests an access token from the Google Authorization Server, extracts a token from the response, and sends the token to the Google API that you want to access. For an interactive demonstration of using OAuth 2.0 with Google (including the option to use your own client credentials), experiment with the OAuth 2.0 Playground.

Refer to the following video to configure GApps for OAuth.

5. Enter the Client ID, Client Secret & Client X509 Cert URL from the downloaded JSON file.

6. Enter the Authorized Redirect URL as https://<mangodomain>.com/oauth2/complete

7. Enter the JavaScript origins URL as https://<mangodomain>.com

8. Enter the Site as https://accounts.google.com

9. Enter the Auth URL, Token URL & X509 Cert URL from the downloaded JSON file.
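
A pre-flight check for steps 5 to 9, added here as an example (not MangoApps or Google code): it reads the JSON file downloaded from the Google API Console and reports any value that differs from what those steps ask for. The field names assume the layout of Google's web-application client file; `check_client_config`, the sample values and `intranet.example.com` are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a Google "web application" client JSON; every value is a placeholder.
SAMPLE_CLIENT_JSON = json.dumps({"web": {
    "client_id": "1234567890-example.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER-NOT-A-REAL-SECRET",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "redirect_uris": ["https://intranet.example.com/oauth2/complete",
                      "http://localhost:8080/oauth2/complete"],
    "javascript_origins": ["https://intranet.example.com"],
}})

GOOGLE_HOST_SUFFIXES = ("accounts.google.com", "googleapis.com")  # assumption: Google-operated hosts


def check_client_config(raw_json, mango_domain):
    """Return a list of findings; an empty list means the file matches steps 5-9."""
    cfg = json.loads(raw_json).get("web", {})
    findings = []
    for key in ("client_id", "client_secret"):
        if not cfg.get(key):
            findings.append(f"missing {key}")
    # Endpoints entered in MangoApps must be HTTPS and on a Google-operated host.
    for key in ("auth_uri", "token_uri", "auth_provider_x509_cert_url"):
        url = urlsplit(cfg.get(key, ""))
        host = url.hostname or ""
        trusted = any(host == s or host.endswith("." + s) for s in GOOGLE_HOST_SUFFIXES)
        if url.scheme != "https" or not trusted:
            findings.append(f"{key} is not an HTTPS Google endpoint: {cfg.get(key)!r}")
    # Only the exact MangoApps redirect URL should be registered; extras widen where codes can go.
    expected_redirect = f"https://{mango_domain}/oauth2/complete"
    redirects = cfg.get("redirect_uris", [])
    if expected_redirect not in redirects:
        findings.append(f"redirect URL {expected_redirect} is not registered")
    findings += [f"unexpected redirect URL: {u}" for u in redirects if u != expected_redirect]
    expected_origin = f"https://{mango_domain}"
    origins = cfg.get("javascript_origins", [])
    if expected_origin not in origins:
        findings.append(f"JavaScript origin {expected_origin} is not registered")
    findings += [f"unexpected JavaScript origin: {o}" for o in origins if o != expected_origin]
    return findings


if __name__ == "__main__":
    for finding in check_client_config(SAMPLE_CLIENT_JSON, "intranet.example.com"):
        print("FINDING:", finding)
```

On the constructed sample the only finding is the leftover `http://localhost:8080` redirect URL, the kind of development entry that should be removed before the connection is enabled.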

Office 365

O365 can be used as an OAuth2 provider to authenticate & authorize the users logging into MangoApps.

1. Select the provider as Office 365.

2. Confirm the Application label.

3. (Optional) Enabling JIT allows user accounts that do not yet exist to be created in MangoApps. In other words, JIT is the ability to dynamically create user accounts for users authenticated by the OAuth Provider when they access MangoApps for the first time.

4. Enter a logout URL where users would be redirected after signing off from the custom application.

5. Use Enterprise Credentials (ONLY for private cloud & on-premise customers)

Enable this setting if you want MangoApps to use the credentials of the App your company has registered in the Office 365 Azure directory. Enable this only if you’re a MangoApps private cloud or on-premise customer. If you’re a shared cloud customer, please keep this setting disabled, as MangoApps will automatically handle the app registration.

Refer to the following video to configure O365 for OAuth.

5. Enter the Client ID & Secret created in Azure’s app registration for O365.

6. Enter the Authorized Redirect URL as https://<mangodomain>.com/oauth2/complete

7. Enter the JavaScript origins URL as https://<mangodomain>.com

8. Enter the Auth & Token URL from the Azure Endpoints section.

Vendor Walkthrough Videos

OKTA OpenIDConnect setup: This video goes over the OKTA setup for OpenIDConnect. It is also a good video for understanding the process for any IDP, as the same type of steps and information need to be configured.
