PingIdentity SAML

Step-by-step guide to configure single sign-on with Ping Identity as the identity provider

This guide walks you through configuring Ping Identity as your SAML identity provider for the application you are onboarding, enabling secure single sign-on for your users. You'll learn how to set up an enterprise application, configure SAML settings to the host application. By following these steps, your users will be able to seamlessly authenticate using their Ping Identity credentials.

0. Create a custom SAML app in Ping Identity

Log in to PingOne Admin Console. Select Applications → Applications.

Custom SAML app

Add a New SAML Application → Click + Add Application.

Enter an Application Name and select the SAML Application as the Application Type. Click Configure.

Naming the custom SAML app

1. Configure the service provider in Ping Identity

Log in to your SSO configuration portal and click on Single Sign-On (SSO) → Ping Identity → SAML 2.0 for the organization you want to configure it for.

SSO Configuration Portal

Now, copy the following details from Scalekit's SSO settings:

• ACS URL (Assertion Consumer Service URL)
• SP Entity ID (Service Provider Entity ID)
• SP Metadata URL

Paste the details copied from your SSO configuration portal into the respective fields under SAML configuration in the Ping Identity dashboard:

• Method 1: Import Metadata

Import Metadata

• Method 2: Import from URL

Import from URL

• Method 3: Manually Enter

Manually Enter

2. Attribute mapping & assigning users/groups

2.1 Attribute mapping

For the user profile details to be shared with us at the time of user login as part of SAML response payload, SAML Attributes need to be configured in your Identity Provider portal.

To ensure seamless login, the below user profile details are needed:

• Email Address
• First Name
• Last Name

To configure these attributes, locate Attribute Mapping section in the SAML Configuration page in your Identity Provider's application, and carefully map the attributes with the Attribute names exactly as shown in the below image.

Attribute Mapping

2.2 Assign user/group

To finish the Service Provider section of the SAML configuration, you need to "add" the users who need to access to this application.

Find the User/Group assignment section in your Identity Provider application and select and assign all the required users or user groups that need access to this application via Single Sign-On.

Assign users & groups

3. Configure identity provider in your SSO configuration portal

In your SSO configuration portal, navigate to the Identity Provider Configuration section to complete the setup. You can do this in two ways:

• Method 1: Enter the Metadata URL and click update.

Configure using Metadata URL

• Method 2: Configure manually

To do so, enter the IdP entity ID, IdP Single Sign-on URL, and upload the x.509 certificate that you downloaded from Ping Identity. Then, click update.

Configure using Metadata URL

4. Verify successful connection by simulating SSO upon clicking test connection

To verify whether the SAML SSO configuration is completed correctly, click on Test Connection on the SSO Configuration Portal.

If everything is done correctly, you will see a Success response as shown below.

Test Single Sign On

If there's a misconfiguration, our test will identify the errors and will offer you a way to correct the configuration right on the screen.

5. Enable your single sign-on connection

After you successfully verified that the connection is configured correctly, you can enable the connection to let your users login to this application via Single Sign-on.

Click on Enable Connection.

Enable SSO Connection

With this, we are done configuring Ping Identity SAML for your application for an SSO login setup.