Guide Index
Guides HomeMangoApps WebsiteCommunity & SupportBlog & Resources
MangoApps Integrations Guide
MangoApps Integrations Guide
  • 🥭Integrations
  • 🌐Analytics
    • Google Analytics
    • Integration with Tableau
  • 🌐Digital Signage
    • Digital Signage Integrations
    • Integration with Appspace
    • Integration with Monitors AnyWhere
    • Integration with Rise Vision
    • Integration with ScreenCloud
    • Integration with Yodeck
  • 🌐Events
    • Event Integration with Zoom
  • 🌐File Storage and Sharing
    • Integration with Adobe Experience Manager (AEM)
    • Integration with Box
      • Box as the File Storage
      • Box as External Document Repository
    • Integration with Dropbox
    • Integration with Google Drive
    • Integration with NetSuite
    • Integration with SharePoint
      • SharePoint Files and Federated Search
      • SharePoint Widget
  • 🌐HRIS Partner Integrations
    • Paylocity Integration
  • 🌐Single Sign-On
    • Single Sign-On Integrations
    • Integration with ADP Workforce Now
    • Active Directory Federation Services
    • Active Directory/LDAP
    • Google Cloud Identity
    • SAML
    • Office 365 OAuth 2.0
    • SCIM Setup for OneLogin
    • Integration with Google Enterprise using OAUTH 2.0
    • Integration with Okta SCIM
    • SCIM Setup for Microsoft Entra ID
  • 🌐Shifts & Schedules
    • Integration with Kronos
    • 🆕Integration with PDI Workforce
  • 🌐Widgets
    • Integration with MS Stream
    • Integration with Tagbox
  • 🌐Workspace
    • Integration with AirBrake
    • Integration with Freshdesk
    • Integration with GitHub
    • Integration with Huddle
    • Integration with JIRA
    • Integration with Microsoft Clarity
    • Integration into Microsoft Teams
    • Integration with OC Tanner
    • Integration with Pingdom
    • Integration with Power BI
    • Integration with Salesforce
    • Integration with Slack
      • Integration with Slack for Channel Notifications
    • Integration with Zendesk
  • 🌐ADDITIONAL RESOURCES
    • Submit a Support Ticket
    • Release Notes
Powered by GitBook
On this page
  • Add SSO Connection
  • Vendor Walkthrough Videos
  1. Single Sign-On

SAML

Setting up SAML based SSO integration

PreviousGoogle Cloud IdentityNextOffice 365 OAuth 2.0

Last updated 1 month ago

This article has been moved from its original location in the Admin Guide.

MangoApps supports SAML - an XML-based standard for web browser single sign-on (SSO). Using SAML end users can log into MangoApps using authentication from a single Identity Provider (IdP) such as Okta, ADFS, OneLogin to name a few, thereby eliminating the need of memorizing application-specific passwords.

1. Name: The name of the configured SAML IDP (Identity Provider). The identity provider (IDP) is the authoritative site responsible for authenticating an end user and asserting MangoApps for the user.

2. Manage Settings: Allows you to edit the existing configuration for the connection.

3. Configure User Mappings: User mapping allows you to automatically populate the MangoApps User fields by syncing the details from your IDP.

4. Toggle Bar: Click the toggle bar to enable/disable the connection.

5. Auto redirect setting: Allows a Network Admin to enable auto redirect setting. This setting automatically redirects users to the IDP landing page when they visit MangoApps login page.

6. Add SSO Connection: You can choose from a list of 13 out-of-the-box widely used applications for quick configuration. Additionally, you can add a custom SAML or OAuth2 application.

Add SSO Connection

This section describes the steps to configure SSO for MangoApps using an IDP.

Log on to the MangoApps Admin portal. Click on SSO, then click on SAML (under Connections). Click ‘Add SSO Connection’.

1. Select from a list of well-known IDPs.

2. Confirm the Application label. You can edit the default label.

3. (Optional) JIT is the ability to dynamically create user accounts for IDP authenticated users, when they access MangoApps for the first time. For ex - with a just-in-time provisioning solution in place, when John accesses Mango's website for the first time, the SAML-based federated single sign-on process automatically creates John Doe's account and grant access to his requested resources.

If a user becomes "Deactivated" or "Deleted" through your user management method while JIT is enabled and still authorized through your IDP. When the user logs in with SAML, the system will reactivate their account or create a new one.

4. Use the IDP provided metadata URL/File to simplify the configuration process. The metadata prepopulates IDP information like: EntityID, Endpoints (Single Sign On Service Endpoint, Single Logout Service Endpoint), public X.509 cert, NameId Format. It can be read from URL or alternatively uploaded as a file.

5. Choose ‘Configure manually’ if the IDP Metadata isn’t available.

6. Enter an Entity ID/Issuer URL from the IDP side. An entity ID is a globally unique name for a SAML entity.

7. Copy the ACS URL and configure it on the IDP. ACS here is MangoApps (service provider's endpoint) URL that is responsible for receiving and parsing a SAML assertion.

8. Enter the SSO URL from IDP to redirect users for Authentication requests.

9. Enter a logout URL where users would be redirected after signing off from MangoApps.

10. Select a ‘User Identifier’ as one of ‘Email’ or ‘samAccountName’ or ‘EmployeeID’

11. Paste the x509 certificate from the IDP.

Your Identity Provider (IDP) may require an Audience URI (SP Entity ID). Below is an example of how to create that.

1. If you are using a mangoapps shared cloud domain, the following is what you would enter: https://(MangoappsSubDomain).mangopulse.com/saml

For example, if my site is https://cableinc.mangoapps.com/ on the shared cloud, then my Audience URI will be https://cableinc.mangopulse.com/saml

2. If your site is being hosted as a private cloud, then use the following format: https://(MangoappsSubDomain).(Domain).com/saml

For example, if my site is https://cableinc.companyco.com/ then my Audience URI will be https://cableinc.companyco.com/saml


Vendor Walkthrough Videos

In the following videos, we will guide you through the integration setup of MangoApps with Azure Active Directory (AD) using Entra ID, incorporating Single Sign-On (SSO) with Security Assertion Markup Language (SAML) connections.

These videos will offer a step-by-step walkthrough of the System for Cross-domain Identity Management (SCIM) provisioning process. We aim to provide comprehensive guidance on each stage of the integration, ensuring a smooth and efficient setup. We will also tackle two common troubleshooting issues that may arise during the configuration process. Our goal is to address these challenges proactively in the event they should occur.

OKTA shared cloud, this video will review setting up OKTA as the IDP for a Mangoapps shared cloud where the domain URL is specifically set up as "Intranet name".mangoapps.com

OKTA Private cloud, this video will Review setting up OKTA as the IDP for a Mangoapps private cloud domain or an On-premise setup. This is where the domain URL is anything.

OneLogin Shared cloud, this video will review setting up OneLogin as the IDP for a Mangoapps shared cloud where the domain URL is specifically set up as "Intranet name".mangoapps.com

OneLogin Private cloud, this video will Review setting up OneLogin as the IDP for a Mangoapps private cloud domain or an On-premise setup. This is where the domain URL is anything.

🌐
OKTA SAML Shared Cloud Setup
OKTA SAML Private cloud / On-premise
OneLogin SAML Shared cloud
OneLogin SAML Private cloud