- 22 Mar 2022
- 2 Minutes to read
-
Print
-
DarkLight
-
PDF
PingID Single Sign-on
- Updated on 22 Mar 2022
- 2 Minutes to read
-
Print
-
DarkLight
-
PDF
Overview
This documentation is specific to configuring SAML with PingID. Refer to the SAML Authentication Overview for more information.
Configuring PingID
In the PingOne console, the Connections tab has a list of applications that will connect. To create one:
- Click the
[+ Application]
button - Choose "Web App"
- Choose connection type "SAML"
- Use the Inedo product as the name i.e. ProGet
- Add an ACS URL of:
https://{inedo-product-host}/saml-acs-callback
- Note: PingID requires an HTTPS URL - Specify ENTITY ID of whatever you want (i.e. ProGet), and this value will be used as the SAML issuer value
- Leave defaults for everything else
- Once created, ensure the application is enabled (they are disabled by default)
Inedo Product Configuration
Option 1: Configure using the PingID provider
Currently this is only supported in ProGet v6.0.11+ when v6.1 preview security features are enabled.
This is the simplest method for configuring Inedo Products to use PingID for SAML based single sign-on.
- Navigate to Administration -> Manage Security
- In the "Login Options" box, click "change" to the right of SAML
- Select "PingID SAML Provider"
- Create your Application, if not already created
- Click "Next"
- Enter your "Entity ID" from the PingID application's SAML Settings
- Enter your "IDP Metadata URL" from your PingID appication's Configuration sub-tab
- Click Save
Option 2: Configure using a Custom Provider
This is the only supported way in ProGet 5.3 or using 6.0 security features in ProGet 6.0.
When using v6.1 preview features:
- Navigate to Administration -> Manage Security
- In the "Login Options" box, click "change" to the right of SAML
- Select "Custom/Other SAML Provider"
When using ProGet 5.3 or 6.0 security features:
- Navigate to Administration -> Enable Single Sign-on (SAML)
Configuration Settings
- In the SAML Issuer, enter the "Entity ID" from the PingID application's SAML Settings
- In a web browser, navigate to the "IDP Metadata URL" from your PingID appication's Configuration sub-tab
- In SAML Metadata, paste the XML from your federation metadata URL
- For the Display name attribute, enter
Formatted
- For the Email attribute, enter
Email Address
- Click "Save"
Troubleshooting
I cannot find my IDP Metadata URL
It is easiest just to expand the Configuration sub-tab of an application, and locate the IDP METADATA URL text field.
Otherwise, the SAML metadata for PingID is found at the URL:
https://auth.pingone.com/{environment-id}/saml20/metadata/{application-id}
The value for {environment-id}
is a GUID found in the PingOne Console Settings tab under ENVIRONMENT ID
. The value for {application-id}
is a GUID found in the Connections tab when the application is expanded under CLIENT ID.