PingIdentity Configuration

Steps to follow

Create a new Application

Sign in to PingIdentity as an administrator. In the left-hand menu, expand the "Applications" section and click "Applications":

On the "Applications" page, click the icon to add a new Application. In the "Add Application" pane, provide an "Application Name" (e.g., Sleuth), a "Description" and an "Icon" for the Application, select "SAML Application" as the "Application Type", and click "Configure":

Set up Single Sign-On

You have the choice between Importing Metadata (from a file you downloaded from Sleuth), Importing from URL, or Manually Entering the metadata into PingIdentity.

On the "SAML Configuration" page, select "Import Metadata", and click "Select a file" to find and select the metadata file on your computer (click here to find out how to download the file):

The "ACS URLs" and "Entity ID" fields will populate automatically. Click "Save".

On the Application, switch to the "Configuration" tab, and click the pencil icon to enter edit mode:

Fill in any missing metadata (found in Sleuth), using the following reference:

| PingIdentity | Sleuth | Example |
| --- | --- | --- |
| ACS URLS | Assertion Consumer Service | https://app.sleuth.io/complete/saml/ |
| ENTITY ID | SAML Entity ID | https://app.sleuth.io/saml/metadata/ |
| SLO ENDPOINT | Single Logout Service | https://app.sleuth.io/saml/sls/ |
| SUBJECT NAMEID FORMAT | n/a | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| TARGET APPLICATION URL | Default Relay State | (unique to each Sleuth org, usually your orgSlug) |
| VERIFICATION CERTIFICATE | Sleuth x509 Certificate | if not already filled in, can be found in Sleuth (needs to be saved as a crt file) |

Leave other settings as they are and click "Save".
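Before importing, the metadata file downloaded from Sleuth can be compared with the reference values above. The following is an added example, not code from Sleuth or PingIdentity: the function name check_sp_metadata is hypothetical, the sample metadata is constructed, and the expected values are the example values from the table.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Example values from the reference table on this page.
EXPECTED = {
    "entity_id": "https://app.sleuth.io/saml/metadata/",
    "acs_url": "https://app.sleuth.io/complete/saml/",
    "slo_url": "https://app.sleuth.io/saml/sls/",
    "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

# Constructed sample of SP metadata (not a real Sleuth export).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.sleuth.io/saml/metadata/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://app.sleuth.io/saml/sls/"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.sleuth.io/complete/saml/" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp_metadata(xml_text, expected=EXPECTED):
    """Return a list of mismatches between SP metadata and the expected values."""
    # SAML metadata has no need for a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["metadata contains a DTD; refusing to parse"]
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor element"]
    found = {
        "entity_id": {root.get("entityID")},
        "acs_url": {e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)},
        "slo_url": {e.get("Location") for e in sp.findall("md:SingleLogoutService", NS)},
        "nameid_format": {(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)},
    }
    problems = []
    for key, want in expected.items():
        if want not in found[key]:
            problems.append(f"{key}: expected {want!r}, found {sorted(v for v in found[key] if v)}")
        # Endpoints that receive assertions or logout messages must be HTTPS.
        if key.endswith("_url") and any(v and not v.startswith("https://") for v in found[key]):
            problems.append(f"{key}: non-HTTPS endpoint in metadata")
    return problems

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE) or "metadata matches the reference table")
```

An empty list means the file agrees with the table; any entry is a field to correct in PingIdentity's "Configuration" tab before saving.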

Configure Attributes

Once again on the Application, switch to the "Attribute Mappings" tab, and click the pencil icon to enter edit mode:

Edit the default Attribute saml_subject from User ID to Email Address, click the ... to reveal the contextual menu, and click Update NameFormat:

Select urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified from the list of options and click "Update":

Add the remaining required Attributes using the following reference and click "Save" when done:

| Attributes | PingOne Mappings | NameFormat |
| --- | --- | --- |
| first_name | Given Name | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |
| last_name | Family Name | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |
| email | Email Address | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |

Don't forget to enable your Application by flipping the toggle!

Enter PingIdentity's metadata into Sleuth

You can choose between pointing Sleuth to a URL where the IdP's metadata is now available, or entering the metadata into Sleuth manually.

In PingIdentity on the "Configuration" tab on your Application, click the clipboard icon next to the "IDP Metadata URL" to copy the URL:

In Sleuth, click the "point Sleuth to metadata file URL" link to trigger the input modal and paste the copied URL into the field, then click "Save":

The remaining fields in Sleuth will be populated automatically. Click "Test Metadata and Save":

Sleuth defaults all of the Advanced configuration to the most commonly used values, but depending on your IdP configuration you might need to adjust "Advanced settings".

Assign Groups to the Application

On the Application, switch to the "Access" tab, click the pencil icon to enter edit mode, select the Group which should have access to this Application, and click "Save":
