Skip to main content

Administrator authentication

Administrator authentication controls how your administrators access the Mambo platform. This guide explains the available authentication methods and provides detailed setup instructions for each option.

Prerequisites

  • Administrator access to Mambo
  • HTTPS enabled for SAML authentication
  • Relevant directory service credentials (for LDAP/SAML)

Authentication methods

Mambo internal directory

The simplest authentication method where administrator credentials are stored directly in Mambo. Administrators use their UUID as username and a configured password to access the administration panel.

LDAP directory

Connect Mambo to LDAP-compatible directories like Microsoft Active Directory. Administrators use their existing directory credentials for authentication.

Configuration steps:

  1. Configure LDAP server connection details
  2. Map LDAP attributes to Mambo fields
  3. Test the connection
  4. Save and validate settings

SAML directory

Enable Single Sign-On (SSO) through any SAML-compatible identity provider. Users are redirected to their organisation's login portal and returned to Mambo after successful authentication.

Important: Administrators must use the specific login URL provided in the "New Login Address" section.

SAML provider setup guides

Google workspace

Google configuration

  1. Access Google Admin console (admin.google.com)
  2. Navigate to Apps > Web and mobile apps
  3. Click Add App > Add custom SAML app
  4. Configure app details:
    • Name: Mambo
    • Icon: Optional
  5. Download IDP metadata from the Google Identity Provider page
  6. Configure Service Provider Details:
    • ACS URL: Copy Mambo's SAML Callback URL
    • Entity ID: Use the same SAML Callback URL
  7. Set attribute mappings:
    • Primary email → email
    • First name → firstname
    • Last name → lastname
  8. Enable the application for your organisation

Mambo configuration

  1. Navigate to Server Settings
  2. Switch IDP Metadata to XML
  3. Copy IDP Metadata file contents to the field
  4. Select Default Groups for administrators
  5. Configure user synchronisation:
    • UUID → email
    • First Name → firstname
    • Last Name → lastname
    • Email → email
  6. Save directory settings

Azure Active Directory

Azure configuration

  1. Access Azure portal (portal.azure.com)
  2. Navigate to Azure Active Directory > Enterprise applications
  3. Create new Azure AD SAML Toolkit application
  4. Configure single sign-on:
    • Select SAML method
    • Entity ID: Mambo's SAML Callback URL
    • Reply URL: Mambo's SAML Callback URL
    • Sign on URL: Mambo's New Login Address
  5. Configure attribute mappings:
  6. Copy the App Federation Metadata URL

Mambo configuration

  1. Navigate to Server Settings
  2. Set IDP Metadata to URL
  3. Enter the App Federation Metadata URL
  4. Select Default Groups for administrators
  5. Configure attribute mappings as shown above
  6. Save directory settings

Auth0

Auth0 configuration

  1. Create new Regular Web Application
  2. Configure basic settings:
    • Name: Mambo
    • Allowed Callback URLs: Mambo's SAML Callback URL
  3. Access Advanced Settings > Endpoints
  4. Copy the SAML Metadata URL

Mambo configuration

  1. Navigate to Server Settings
  2. Set IDP Metadata to URL
  3. Enter the SAML Metadata URL
  4. Select Default Groups for administrators
  5. Configure attribute mappings:
  6. Save directory settings

Troubleshooting

Common issues and solutions:

  • Failed SAML login: Verify HTTPS is enabled and callback URLs are correct
  • Missing user attributes: Check attribute mapping configuration
  • Access denied: Ensure default groups are properly configured
  • LDAP connection issues: Verify network connectivity and credentials