Integrating Federated Authentication with Ping One | Acquia Product Documentation
Date Published: January 28, 2022
Note: This guide includes screenshots and instructions for a third-party platform that could change at any time. Be sure to reference Ping One's documentation for the latest information.
Please find full documentation for Federated Authentication here.
First, a Ping One administrator should select Add Application
Next, select Web App
Choose the SAML connection type
Create the App Profile. Enter information that will help you identify this application in Ping One.
Begin to Configure the SAML Connection. The console will ask you to Provide App Metadata. Select Manually Enter from the three options.
At this point, Ping One will require information from the Cloud Platform, and Ping One will provide information that you will need to enter into the Cloud Platform. Refer to this documentation for more information.
You will need to get the ACS Link from the Cloud Platform, and enter it into the ACS URLS field in Ping One. The Cloud Platform will not generate the ACS Link until you’ve entered information from Ping One, most of which Ping One will not provide until you’ve provided the ACS Link. To work around this issue, do the following:
On the Cloud Platform, enter placeholder values in the Entity ID and SSO URL fields (you’ll come back to update these later)
In Ping One, navigate to the Signing Key.
Select Sign Assertion and Response
Leave the Signing Algorithm as the default option
Select Download the Signing Certificate
Open the certificate with a text editor, copy the certificate, and paste it into the Cloud Platform as shown in the documentation.
Submit the information on the Cloud Platform to move on to the next page
On the next page, the Cloud Platform will display the ACS Link
Enter the ACS Link into the Ping One field labeled ACS URL
In the Encryption section, do not Enable Encryption
In the Entity ID field, enter the Entity ID provided by the Cloud Platform
Leave the SLO Endpoint and SLO Response Endpoint fields blank
For SLO Binding, select HTTP Redirect
For Assertion Validity, choose your preferred duration
The remainder of the fields can be left empty or with default values
On the Attribute Mapping page, set the PingOne User Attribute to Email Address
The next screen will display your new Application. Click on Configuration to retrieve the information that you need to provide to the Cloud Platform to finish the integration.
At this point, go back into the Cloud Platform, and select Edit to update the placeholder values you provided on the Register an Identity Provider screen.
In the Entity ID field, replace the placeholder value with the Issuer ID provided by Ping
In the SSO URL field, replace the placeholder value with the Single SignOn Service value provided by Ping
Double-check this information, and submit. Review your final configuration and Enable the connection when you are ready.
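Once the connection is enabled, the SAML response from a test login can be compared with the values exchanged in the steps above. The following is an added example, not part of Acquia's or Ping's documentation: it inspects a base64-decoded response for the settings this guide chooses (signed assertion and response, no encryption, ACS Link, Entity ID, Issuer ID, email address). The URLs, the `check_response` name and the sample XML are constructed, and the check is structural only: it does not verify the signatures cryptographically.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed placeholders for the ACS Link, Entity ID and Ping One Issuer ID.
EXPECTED = {"acs_url": "https://sp.example.test/acs",
            "sp_entity_id": "https://sp.example.test/entity",
            "idp_issuer": "https://idp.example.test/issuer"}

def check_response(xml_text, expected=EXPECTED):
    """List mismatches between a decoded SAML Response and the expected settings."""
    resp = ET.fromstring(xml_text)
    problems = []
    if resp.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted (Enable Encryption should be off)")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion in the Response"]
    # Sign Assertion and Response: each element needs its own ds:Signature child.
    for name, el in (("Response", resp), ("Assertion", assertion)):
        if el.find("ds:Signature", NS) is None:
            problems.append(name + " is not signed")
    if resp.get("Destination") != expected["acs_url"]:
        problems.append("Destination differs from the ACS Link")
    if assertion.findtext("saml:Issuer", "", NS).strip() != expected["idp_issuer"]:
        problems.append("Issuer differs from the Issuer ID")
    audiences = [(a.text or "").strip() for a in assertion.iter("{%s}Audience" % NS["saml"])]
    if expected["sp_entity_id"] not in audiences:
        problems.append("Audience does not contain the Cloud Platform Entity ID")
    # Assumption: the mapped Email Address arrives as NameID or an AttributeValue.
    values = [assertion.findtext("saml:Subject/saml:NameID", "", NS)]
    values += [v.text for v in assertion.iter("{%s}AttributeValue" % NS["saml"])]
    if not any(re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", (v or "").strip()) for v in values):
        problems.append("no email address in NameID or attributes")
    return problems

# Constructed sample (signature contents omitted); its Assertion is unsigned on purpose.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://sp.example.test/acs"><saml:Issuer>https://idp.example.test/issuer</saml:Issuer>
 <ds:Signature/><saml:Assertion><saml:Issuer>https://idp.example.test/issuer</saml:Issuer>
 <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject><saml:Conditions>
 <saml:AudienceRestriction><saml:Audience>https://sp.example.test/entity</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE) or "configuration matches")
```

Run it only on a response captured from your own test login, and treat an empty result as a sign that the configuration matches, not as proof that the signatures are valid.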