MangoApps as an SSO Provider for Workday
MangoApps as an SSO provider for Workday (Enterprise Apps)
Last updated
MangoApps Integrations Guide
MangoApps as an SSO provider for Workday (Enterprise Apps)
Last updated
This guide provides step-by-step instructions to configure MangoApps as a Single Sign-On (SSO) provider for Workday. This integration allows users to log in to Workday using their MangoApps credentials, improving security and ease of access.
To perform the setup successfully, you must have the appropriate administrative access in both systems.
MangoApps: Admin access to the MangoApps Admin Portal
Workday: Administrator privileges to access and edit tenant security settings
This section explains how to configure the SSO application within MangoApps.
Log in to MangoApps as an admin and navigate to Admin Portal > SSO > Application > MangoApps Provisioned Apps
Click the Add Application button and search for Workday.
Click the Add button next to Workday to access the app configurations pop-up menu.
From this menu, fill in the required fields:
Workday Application URL: Your Workday Application URL
Workday ACS URL: Your Workday Application URL/login-saml.html
Entity ID: e.g. http://www.workday.com
User Identifier: Select Email, sAMAccountName, or EmployeeID per your requirement
Save the application.
Download the Metadata from the three-dot menu of the configured Workday application to obtain the x509 certificate. This certificate will be used during the Workday portion of this setup.
The following steps outline how to configure Workday to trust MangoApps as its SSO identity provider.
Sign in to Workday with admin privileges.
Navigate to Edit Tenant Setup – Security by searching for it on the home screen and expand the Single Sign-On section.
Under Redirection URLs, click the plus icon and add the following:
Login Redirect URL:
https://<your mangoapps domain>/saml/08904ab0-343f-0137-0224-2f38cb4aeeeb/auth
Logout Redirect URL:
https://<your mangoapps domain>/saml/08904ab0-343f-0137-0224-2f38cb4aeeeb/logout
Mobile App Login Redirect URL:
https://<your mangoapps domain>/saml/08904ab0-343f-0137-0224-2f38cb4aeeeb/auth
Mobile Browser Login Redirect URL:
https://<your mangoapps domain>/saml/08904ab0-343f-0137-0224-2f38cb4aeeeb/logout
Then, enter an Environment name.
Next, scroll to the SAML Setup section and enable SAML Authentication.
Add a new SAML Identity Provider with the following values:
Identity Provider Name: MangoApps
Issuer: http://www.workday.com
For the x509 Certificate:
Click the horizontal lines icon an select Create x509 Public Key
Enter a unique name for your certificate (e.g., MangoApps.cert)
Paste the certificate from MangoApps (see MA Side Setup)
After adding the certificate, click OK to save. This will return you to the Edit Tenant Setup - Security screen.
We will need to set a couple more values in order to complete the integration.
Set the following additional values in the Edit Tenant Setup - Security screen:
Service Provider ID: http://www.workday.com
Enable SP-Initiated SAML Authentication
IdP SSO Service URL: http://www.workday.com
Enable Always Require IdP Authentication
Select ForceAuthn Only
Authentication Request Signature Method: SHA256
Click OK to save.
After setup, it’s important to test the SSO flow to ensure everything works as expected before rolling it out to end users.
Use a test user account that exists in both MangoApps and Workday.
Test both SP-initiated login (from Workday) and IdP-initiated login (from MangoApps).
Verify the following:
Redirection works correctly.
User is authenticated using the correct identifier.
Access is granted without errors.
When setting up SSO, ensure your configuration meets your organization’s security requirements.
Use SHA256 for signature hashing.
Ensure your MangoApps and Workday tenants are using HTTPS.
Keep the x509 certificate secure and rotate it periodically.
Audit user login activities through MangoApps and Workday logs.
Once SSO is enabled, users can access Workday with their MangoApps credentials.
From MangoApps: Users can click the Workday app icon if published on the dashboard or app launcher.
From Workday: Users attempting to log in will be redirected to MangoApps for authentication.
Mobile Support: Both mobile app and browser-based logins are supported through SSO.
To ensure a smooth deployment, follow these steps:
Pilot with a small user group to validate the configuration.
Document the login process and provide training resources.
Update all relevant communication channels before rollout.
Monitor login traffic and support tickets during the initial rollout.
Plan for certificate renewal and revalidation schedules.
