This article covers the current level of support for SAML SSO in MangoApps. Each section can be accessed through the Table of Contents link.

What is SAML SSO?

Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, MangoApps can contact a separate online identity provider to authenticate users who are trying to access secure content.

SSO is intended to unify authentication so that it may be used and reused by multiple web applications. Users enter their authentication one time and remain authenticated for the set duration of the SSO session.

What providers are supported for SAML SSO?

MangoApps integrates with the following SAML providers out-of-box for secure login. If you have a preferred provider that is not supported by MangoApps, please contact support to learn more about the process to go through MangoApps Professional Services to integrate your preferred provider.

How do I connect MangoApps to SAML SSO?

You have a number of options when considering a SAML service, including building a SAML server in-house (for example, OpenAM) or choosing a SAML Identity Provider (IdP) such as PingIdentity, Symplified¸ Bitium, etc.

SAML

To set up SAML in MangoApps, you’ll need the following:

  • A SAML server with provisioned users or connected to an identity repository
  • Issuer URL: This is the URL from where all SAML requests have to be issued in order to be trusted by MangoApps. Your IdP should be able give you this URL.
  • SAML 2.0 Endpoint: This is the URL that MangoApps will invoke to re-direct users to your IdP. Also, called as SAML Single Sign-On (SSO) URL.
  • Remote Logout URL: This is the URL that MangoApps will redirect your users to after they log out. If your IdP does not provide this, please enter the value same as SAML 2.0 Endpoint.
  • The SHA1 fingerprint of the SAML certificate from your SAML Identity Provider. X.509 certificates are supported and should be in PEM.

After you have your SAML server properly configured, you use the remote login URL and the SHA1 fingerprint to configure SAML within your MangoApps.

Some SAML servers may require additional information

Some SAML IdP’s may ask for the following information when configuring an integration with MangoApps:

  • The Access Consumer Service (ACS) URL is https://accountname.mangoapps.com/saml/consume (case sensitive)
    Note: In the URL above, replace ‘accountname’ with your mangoapps sub domain. Redirects to SAML Single Sign-on URL are HTTP POST.
  • The Service Provider initiated SSO URL is https://accountname.mangoapps.com/saml/init (case sensitive)
    Note: In the URL above, replace ‘accountname’ with your mangoapps sub domain.

Redirects to the IdP if the user directly tries to access MangoApps without having logged into the IdP earlier.