PingIdentity Configuration
Last updated
Was this helpful?
Last updated
Was this helpful?
Option 1: Link to metadata file
Option 2: Input metadata manually
Sign in to PingIdentity as an administrator. In the left-hand menu, expand the " Applications" section and click "Applications:
You have the choice between Importing Metadata (from a file you downloaded from Sleuth), Importing from URL, or Manually Entering the metadata into PingIdentity.
The "ACS URLs" and "Entity ID" fields will populate automatically. Click "Save".
On the Application, switch to the "Configuration" tab, and click the pencil icon to enter edit mode:
Fill in any missing metadata (found in Sleuth), using the following reference:
ACS URLS
Assertion Consumer Service
https://app.sleuth.io/complete/saml/
ENTITY ID
SAML Entity ID
https://app.sleuth.io/saml/metadata/
SLO ENDPOINT
Single Logout Service
https://app.sleuth.io/saml/sls/
SUBJECT NAMEID FORMAT
n/a
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
TARGET APPLICATION URL
Default Relay State
(unique to each Sleuth org, usually your orgSlug)
VERIFICATION CERTIFICATE
Sleuth x509 Certificate
if not already filled in, can be found in Sleuth (needs to be saved as a crt file)
Leave other settings as they are and click "Save".
Once again on the Application, switch to the "Attribute Mappings" tab, and click the pencil icon to enter edit mode:
Edit the default Attribute saml_subject from User ID to Email Address, click the ... to reveal the contextual menu, and click Update NameFormat:
Select urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified from the list of options and click "Update":
Add the remaining required Attributes using the following reference and click "Save" when done:
first_name
Given Name
urn:oasis:names:tc:SAML:2.0:attrname-format:basic
last_name
Family Name
urn:oasis:names:tc:SAML:2.0:attrname-format:basic
email
Email Address
urn:oasis:names:tc:SAML:2.0:attrname-format:basic
You can choose between pointing Sleuth to a URL where the IdP's metadata is now available, or entering the metadata into Sleuth manually.
In PingIdentity on the "Configuration" tab on your Application, click the clipboard icon next to the "IDP Metadata URL" to copy the URL:
In Sleuth, click the "point Sleuth to metadata file URL" link to trigger the input modal and paste the copied URL into the field, then click "Save":
The remaining fields in Sleuth will get populated automatically, just click "Test Metadata and Save":
On the Application, switch to the "Access" tab, and click the pencil icon to enter edit mode, and select Group which should have access to this Application, and click "Save":
On the "Applications "page click the icon to add a new Application. In the "Add Application" pane provide an "Application Name" (e.g., Sleuth), a "Description" and an "Icon" for the Application, select "SAML Application" as the "Application Type", and click "Configure":
On the "SAML Configuration" page, select "Import Metadata", and click "Select a file" to find and select the metadata file on your computer (click to find out how to download the file):
