PingIdentity Configuration

Steps to follow

Create a new Application
Set up Single Sign-On
- Configure Attributes
Enter PingIdentity's metadata into Sleuth
- Option 1: Link to metadata file
- Option 2: Input metadata manually
Assign Groups to the Application

Create a new Application

Sign in to PingIdentity as an administrator. In the left-hand menu, expand the " Applications" section and click "Applications:

On the "Applications "page click the ➕ icon to add a new Application. In the "Add Application" pane provide an "Application Name" (e.g., Sleuth), a "Description" and an "Icon" for the Application, select "SAML Application" as the "Application Type", and click "Configure":

Set up Single Sign-On

You have the choice between Importing Metadata (from a file you downloaded from Sleuth), Importing from URL, or Manually Entering the metadata into PingIdentity.

On the "SAML Configuration" page, select "Import Metadata", and click "Select a file" to find and select the metadata file on your computer (click here to find out how to download the file):

The "ACS URLs" and "Entity ID" fields will populate automatically. Click "Save".

On the "SAML Configuration" page, select "Import From URL", paste the following URL into the "Import URL" field, and click "Import":

https://app.sleuth.io/saml/metadata/

The "ACS URLs" and "Entity ID" fields will populate automatically. Click "Save".

On the "SAML Configuration" page, select "Manually Enter", and fill in the necessary metadata (found in Sleuth), using the following reference:

PINGIDENTITY

SLEUTH

EXAMPLE

ACS URLs

Assertion Consumer Service

https://app.sleuth.io/complete/saml/

Entity ID

SAML Entity ID

https://app.sleuth.io/saml/metadata/

Click "Save".

On the Application, switch to the "Configuration" tab, and click the pencil icon to enter edit mode:

Fill in any missing metadata (found in Sleuth), using the following reference:

PINGIDENTITY

SLEUTH

EXAMPLE

ACS URLS

Assertion Consumer Service

https://app.sleuth.io/complete/saml/

ENTITY ID

SAML Entity ID

https://app.sleuth.io/saml/metadata/

SLO ENDPOINT

Single Logout Service

https://app.sleuth.io/saml/sls/

SUBJECT NAMEID FORMAT

n/a

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

TARGET APPLICATION URL

Default Relay State

(unique to each Sleuth org, usually your orgSlug)

VERIFICATION CERTIFICATE

Sleuth x509 Certificate

if not already filled in, can be found in Sleuth (needs to be saved as a crt file)

Leave other settings as they are and click "Save".

Configure Attributes

Once again on the Application, switch to the "Attribute Mappings" tab, and click the pencil icon to enter edit mode:

Edit the default Attribute saml_subject from User ID to Email Address, click the ... to reveal the contextual menu, and click Update NameFormat:

Select urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified from the list of options and click "Update":

Add the remaining required Attributes using the following reference and click "Save" when done:

Attributes

PingOne Mappings

NameFormat

first_name

Given Name

urn:oasis:names:tc:SAML:2.0:attrname-format:basic

last_name

Family Name

urn:oasis:names:tc:SAML:2.0:attrname-format:basic

email

Email Address

urn:oasis:names:tc:SAML:2.0:attrname-format:basic

Don't forget to enable your Application by flipping the toggle!

Enter PingIdentity's metadata into Sleuth

You can choose between pointing Sleuth to a URL where the IdP's metadata is now available, or entering the metadata into Sleuth manually.

In PingIdentity on the "Configuration" tab on your Application, click the clipboard icon next to the "IDP Metadata URL" to copy the URL:

In Sleuth, click the "point Sleuth to metadata file URL" link to trigger the input modal and paste the copied URL into the field, then click "Save":

The remaining fields in Sleuth will get populated automatically, just click "Test Metadata and Save":

Sleuth defaults all of the Advanced configuration to the most commonly used values, but depending on your IdP configuration you might need to adjust "Advanced settings".

You'll find the data needed for this in PingIdentity on the "Configuration" tab on your Application under "Connection Details":

Fill in the necessary metadata, using the following reference, and click "Test Metadata and Save":

SLEUTH

PINGIDENTITY

EXAMPLE

Entity ID

Issuer ID

https://auth.pingone.eu/<...>

SSO URL

Single Signon Service

https://auth.pingone.eu/<...>/saml20/idp/sso

SLO URL

Single Logout Service

https://auth.pingone.eu/<...>/saml20/idp/slo

Certificate

Download Signing Certificate

-----BEGIN CERTIFICATE----- <...> -----END CERTIFICATE-----

Sleuth defaults all of the Advanced configuration to the most commonly used values, but depending on your IdP configuration you might need to adjust "Advanced settings".

Assign Groups to the Application

On the Application, switch to the "Access" tab, and click the pencil icon to enter edit mode, and select Group which should have access to this Application, and click "Save":

PreviousAzure AD Configuration NextAccess Tokens

Last updated 1 year ago

Was this helpful?