---
title: "Integrating Federated Authentication with Ping One"
date: "2022-01-28T00:40:02+00:00"
summary:
image:
type: "article"
url: "/acquia-cloud-platform/help/93266-integrating-federated-authentication-ping-one"
id: "6950593e-7fd4-49c6-b879-1243c901cfc9"
---

Note: This guide includes screenshots and instructions for a third-party platform that could change at any time. Be sure to reference Ping One's documentation for the latest information. 

Please find full documentation for Federated Authentication [here](/node/56058).

1.  First, a Ping One administrator should select **Add Application** 
    
    ![Dashboard displaying a list of applications with toggles and statistics. A highlighted "+ Add Application" button is on the right.](https://acquia.widen.net/content/5710ca49-9856-42b4-bc1c-34dcc96a8877/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002VwA0.png)
    
    1.  Next, select **Web App** 
        
        ![Interface for selecting application types: Web App, Native App, Single Page App, Worker, Advanced Configuration. Web App option is highlighted.](https://acquia.widen.net/content/5d8bb059-5cc7-4ae6-95c6-8d0d56b90e2c/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002W0Fj.png)
        
        ![A black square with no visible content or details.](https://acquia.widen.net/content/3efb0681-265c-46ea-aadb-f1d9d5e53d70/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002VwAe.png?animate=true)
        
    2.  Choose the **SAML** connection type 
        
        ![Interface showing application type selection: Web App, Native App, Single Page App, Worker. SAML and OIDC connection types with "Configure" buttons highlighted.](https://acquia.widen.net/content/06bea148-5afc-4712-a6d1-881b9892c694/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002W0Fo.png)
        
        ![A simple black and white line drawing of a cat sitting with its tail curled around its paws.](https://acquia.widen.net/content/6eb242eb-5c08-4d40-a0fc-b284fb380126/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002VwAf.png?animate=true)
        
    3.  Create the App Profile. Enter information that will help you identify this application in Ping One. 
        
        ![App profile creation screen with fields for application name, description, and icon upload. Progress steps listed on the right.](https://acquia.widen.net/content/b22ecd55-0333-4774-8e05-fb94b5548088/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002W0Fy.png)
        
        ![A black and white illustration of a person playing a grand piano, with musical notes floating around them.](https://acquia.widen.net/content/fdcf10b7-050a-4fc0-b8b7-962ec079b3e3/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002VwAg.png?animate=true)
        
    4.  Begin to Configure the SAML Connection. The console will ask you to **Provide App Metadata**. select **Manually Enter** from the 3 options. 
    5.  At this point, Ping One will require information from the Cloud Platform, and Ping One will provide information that you will need to enter into the Cloud Platform. [Refer to this documentation](/node/56058) for more information. 
    6.  You will need to get the **ACS Link** from the Cloud Platform, and enter it into the **ACS URLS** field in Ping One. The Cloud Platform will not generate the **ACS Link** until you’ve entered information from Ping One, most of which Ping One will not provide until you’ve provided the **ACS Link**. To work around this issue, do the following:
        1.  On the Cloud Platform, enter placeholder values in the **Entity ID** and **SSO URL** fields (you’ll come back to update these later)
        2.  In Ping One, navigate to the **Signing Key.** 
            1.  Select **Sign** **Assertion and Response**
            2.  Leave the **Signing Algorithm** as the default option
            3.  Select **Download the Signing Certificate** 
            4.  Open the certificate with a text editor, copy the certificate, and paste it into the Cloud Platform as shown in the documentation.
        3.  **Submit** the information on the Cloud Platform to move onto the next page
        4.  On the next page, the Cloud Platform will display the **ACS Link**
        5.  Enter the **ACS Link** into the Ping One field labeled **ACS URL** 
            
            ![Configuration screen for SAML connection setup, with options for metadata entry, signing key selection, and signing certificate download highlighted.](https://acquia.widen.net/content/1e3a55fb-a254-436d-b577-588b358ce12f/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002W0G3.png)
            
            ****
            
            ![A black square with no visible content or details.](https://acquia.widen.net/content/f18befa7-3326-44fc-81c7-bcde8b780542/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002VwAh.png?animate=true)
            
            
            
            ****
    7.  In the **Encryption** section, do not Enable Encryption 
    8.  In the **Entity ID** field, enter the **Entity ID** provided by the Cloud Platform
    9.  Leave the **SLO Endpoint** and **SLO Response Endpoint** fields blank
    10.  For **SLO Binding**, select **HTTP Redirect**
    11.  For **Assertion Validity**, choose your preferred duration
    12.  The remainder of the fields can be left empty or with default values 
         
         ![SAML configuration screen for a web app, highlighting fields for Entity ID, HTTP Redirect, and Assertion Validity Duration in seconds.](https://acquia.widen.net/content/159df255-5603-4dc1-ac69-2da5517fc53e/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002W0G8.png)
         
         ![A black square with no visible features or details.](https://acquia.widen.net/content/01f44654-95d5-49e5-8773-eb31ffb39611/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002VwAi.png?animate=true)
         
    13.  On the **Attribute Mapping** page, set the PingOne User Attribute to **Email Address** 
         
         ![SAML attribute mapping interface showing "Email Address" mapped to "saml_subject" with a required checkbox.](https://acquia.widen.net/content/0bb5537f-dc0a-4213-b01e-fcfb5f346e74/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002W0GD.png)
         
         ![A black square with no visible content or details.](https://acquia.widen.net/content/e0b7b2dd-fe62-4fdd-9bef-e9c148b1bb3f/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002VwAj.png?animate=true)
         
    14.  The next screen will display your new Application. Click on **Configuration** to retrieve the information that you need to provide to the Cloud Platform to finish the integration. 
         
         ![Configuration page showing connection details with options for issuer ID, single logout, and single sign-on services highlighted in red.](https://acquia.widen.net/content/6536a9f4-d928-4906-b02a-3e011176f56d/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002W0GS.png)
         
          
         
         ![Table showing mapping between Ping One and Cloud Platform: Issuer ID to Entity ID, Single Sign-On Service to SSO URL.](https://acquia.widen.net/content/1651e1f2-961d-4931-92aa-4a0f6df6d073/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002W0Gc.png)
         
         ![Black square with no visible content or details.](https://acquia.widen.net/content/6d06d083-f25d-4400-bc83-c602754b4435/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002VwAk.png?animate=true)
         
    15.    
         
         ![A black square with no visible content or details.](https://acquia.widen.net/content/9deb2709-03d3-48d3-ac66-d54af23b64f3/web/ka06g000001tvdK00N6g00000VCdgi0EM6g000002VwAl.png?animate=true)
         
    16.  At this point, go back into the Cloud Platform, and select **Edit** to update the placeholder values you provided on the **Register an Identity Provider** screen. 
         1.  In the **Entity ID** field, replace the placeholder value with the **Issuer ID** provided by Ping
         2.  In the **SSO URL** field, replace the placeholder value with the **Single SignOn Service** value provided by Ping
    17.  Double check this information, and submit. Review your final configuration and **Enable** the connection when you are ready.