PingIdentity Configuration
Enter PingIdentity's metadata into Sleuth
Option 1: Link to metadata file
Option 2: Input metadata manually
Sign in to PingIdentity as an administrator. In the left-hand menu, expand the "Applications" section and click "Applications":
You have the choice between Importing Metadata (from a file you downloaded from Sleuth), Importing from URL, or Manually Entering the metadata into PingIdentity.
On the "SAML Configuration" page, select "Import Metadata", and click "Select a file" to find and select the metadata file on your computer (click here to find out how to download the file):
The "ACS URLs" and "Entity ID" fields will populate automatically. Click "Save".
On the Application, switch to the "Configuration" tab, and click the pencil icon to enter edit mode:
Fill in any missing metadata (found in Sleuth), using the following reference:
Leave other settings as they are and click "Save".
Once again on the Application, switch to the "Attribute Mappings" tab, and click the pencil icon to enter edit mode:
Edit the default Attribute "saml_subject" from "User ID" to "Email Address", click the "..." to reveal the contextual menu, and click "Update NameFormat":
Select "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" from the list of options and click "Update":
Add the remaining required Attributes using the following reference and click "Save" when done:
Don't forget to enable your Application by flipping the toggle!
You can choose between pointing Sleuth to a URL where the IdP's metadata is now available, or entering the metadata into Sleuth manually.
In PingIdentity on the "Configuration" tab on your Application, click the clipboard icon next to the "IDP Metadata URL" to copy the URL:
In Sleuth, click the "point Sleuth to metadata file URL" link to trigger the input modal and paste the copied URL into the field, then click "Save":
The remaining fields in Sleuth will be populated automatically; just click "Test Metadata and Save":
Sleuth defaults all of the Advanced configuration to the most commonly used values, but depending on your IdP configuration you might need to adjust "Advanced settings".
On the Application, switch to the "Access" tab, click the pencil icon to enter edit mode, select the Group that should have access to this Application, and click "Save":
On the "Applications" page, click the icon to add a new Application. In the "Add Application" pane, provide an "Application Name" (e.g., Sleuth), a "Description" and an "Icon" for the Application, select "SAML Application" as the "Application Type", and click "Configure":
PINGIDENTITY | SLEUTH | EXAMPLE |
---|---|---|
ACS URLs | Assertion Consumer Service | https://app.sleuth.io/complete/saml/ |
Entity ID | SAML Entity ID | https://app.sleuth.io/saml/metadata/ |

PINGIDENTITY | SLEUTH | EXAMPLE |
---|---|---|
ACS URLS | Assertion Consumer Service | https://app.sleuth.io/complete/saml/ |
ENTITY ID | SAML Entity ID | https://app.sleuth.io/saml/metadata/ |
SLO ENDPOINT | Single Logout Service | https://app.sleuth.io/saml/sls/ |
SUBJECT NAMEID FORMAT | n/a | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
TARGET APPLICATION URL | Default Relay State | (unique to each Sleuth org, usually your orgSlug) |
VERIFICATION CERTIFICATE | Sleuth x509 Certificate | if not already filled in, can be found in Sleuth (needs to be saved as a crt file) |

Attributes | PingOne Mappings | NameFormat |
---|---|---|
first_name | Given Name | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |
last_name | Family Name | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |
email | Email Address | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |

SLEUTH | PINGIDENTITY | EXAMPLE |
---|---|---|
Entity ID | Issuer ID | https://auth.pingone.eu/<...> |
SSO URL | Single Signon Service | https://auth.pingone.eu/<...>/saml20/idp/sso |
SLO URL | Single Logout Service | https://auth.pingone.eu/<...>/saml20/idp/slo |
Certificate | Download Signing Certificate | -----BEGIN CERTIFICATE----- <...> -----END CERTIFICATE----- |