Skip to main content

PingIdentity SAML

Step-by-step guide to configure single sign-on with Ping Identity as the identity provider

0. Create a custom SAML app in Ping Identity

Log in to PingOne Admin Console. Select Applications → Applications.

Custom SAML app

Custom SAML app

Add a New SAML Application → Click + Add Application.

Enter an Application Name and select the SAML Application as the Application Type. Click Configure.

Naming the custom SAML app

Naming the custom SAML app

1. Configure the service provider in Ping Identity

Log in to your SSO configuration portal and click on Single Sign-On (SSO) → Ping Identity → SAML 2.0 for the organization you want to configure it for.

SSO Configuration Portal

SSO Configuration Portal

Now, copy the following details from Scalekit's SSO settings:

  • ACS URL (Assertion Consumer Service URL)
  • SP Entity ID (Service Provider Entity ID)
  • SP Metadata URL

Paste the details copied from your SSO configuration portal into the respective fields under SAML configuration in the Ping Identity dashboard:

  • Method 1: Import Metadata

Import Metadata

Import Metadata

  • Method 2: Import from URL

Import from URL

Import from URL

  • Method 3: Manually Enter

Manually Enter

Manually Enter

2. Attribute mapping & assigning users/groups

2.1 Attribute mapping

For the user profile details to be shared with us at the time of user login as part of SAML response payload, SAML Attributes need to be configured in your Identity Provider portal.

To ensure seamless login, the below user profile details are needed:

  • Email Address
  • First Name
  • Last Name

To configure these attributes, locate Attribute Mapping section in the SAML Configuration page in your Identity Provider's application, and carefully map the attributes with the Attribute names exactly as shown in the below image.

Attribute Mapping

Attribute Mapping

2.2 Assign user/group

To finish the Service Provider section of the SAML configuration, you need to "add" the users who need to access to this application.

Find the User/Group assignment section in your Identity Provider application and select and assign all the required users or user groups that need access to this application via Single Sign-On.

Assign users & groups

Assign users & groups

3. Configure identity provider in your SSO configuration portal

In your SSO configuration portal, navigate to the Identity Provider Configuration section to complete the setup. You can do this in two ways:

  • Method 1: Enter the Metadata URL and click update.

Configure using Metadata URL

Configure using Metadata URL

  • Method 2: Configure manually

To do so, enter the IdP entity ID, IdP Single Sign-on URL, and upload the x.509 certificate that you downloaded from Ping Identity. Then, click update.

Configure using Metadata URL

Configure using Metadata URL

4. Verify successful connection by simulating SSO upon clicking test connection

To verify whether the SAML SSO configuration is completed correctly, click on Test Connection on the SSO Configuration Portal.

If everything is done correctly, you will see a Success response as shown below.

Test Single Sign On

Test Single Sign On

If there's a misconfiguration, our test will identify the errors and will offer you a way to correct the configuration right on the screen.

5. Enable your single sign-on connection

After you successfully verified that the connection is configured correctly, you can enable the connection to let your users login to this application via Single Sign-on.

Click on Enable Connection.

Enable SSO Connection

Enable SSO Connection

With this, we are done configuring Ping Identity SAML for your application for an SSO login setup.

Is this page helpful? Yes No
Need help? Contact Support
Questions? Contact Us