How To Configure PingOne SSO

Overview

This article outlines the configuration required to set up PingOne Customer or Enterprise SSO in CloudBolt, as well as the account and application configuration in PingOne.

Considerations

This requires an administrator account in PingOne to create an application and add users. It assumes a PingOne organization has already been created.


Procedure

Initial CloudBolt SSO configuration

  1. Log in as an Admin. Click Admin Menu > Security > See All.

  2. Select Single-Sign On (SSO).

  3. Click the “Add a Single Sign-On IdP” box at the top.

  4. Select the Generic SAML Provider menu item.

  5. Complete the form as follows:

    • Name → PingIdentity <or any label>

    • Name ID Format → Email Address or Unspecified

    • Metadata Validity Limit → 24

    • Accepted Time Difference → 60

    • Contact Person → <any name>

    • Organization Name → <any name>

    • Organization Display Name → <any Display Name>

    • Organization URL → <URL of PingOne organization>

    • Sign Requests → Enabled

    • Force Authentication → Disabled

    • Assertion Signed → Enabled

    • Response Signed → Disabled

    • Allow Unknown Attributes → Enabled

    • Create Unknown Users → Enabled

    • Debug → Disabled

    • Email Attribute Name → email

    • Given Name Attribute Name → firstName

    • Surname Attribute Name → lastName

    • User ID Attribute Name → userName

  • Click Save.

    • Note the Single Sign-On URL

    • Note the Metadata URL / Entity ID

    • Click Download Metadata XML
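Before uploading the downloaded metadata XML to PingOne, it is worth confirming that the file reflects what was saved in the form. The following check is an added example, not CloudBolt or PingOne code. It assumes the download is standard SAML 2.0 SP metadata; the sample document and its URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample of an SP metadata file; host name and paths are placeholders.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://cloudbolt.example.com/placeholder/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://cloudbolt.example.com/placeholder/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

ALLOWED_NAMEID = {  # "Email Address or Unspecified" from the form
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}

def check_sp_metadata(xml_text, noted_entity_id, noted_sso_url):
    """Return a list of mismatches between the metadata and the saved form."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor: this is not SP metadata"]
    problems = []
    if root.get("entityID") != noted_entity_id:
        problems.append("entityID differs from the noted Metadata URL / Entity ID")
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)]
    if noted_sso_url not in acs:
        problems.append("noted Single Sign-On URL is not an ACS Location")
    if any(not u.startswith("https://") for u in acs if u):
        problems.append("an ACS Location is not https")
    # xs:boolean accepts "true" or "1"; a missing attribute means false
    if sp.get("AuthnRequestsSigned", "false") not in ("true", "1"):
        problems.append("AuthnRequestsSigned is not true (Sign Requests)")
    if sp.get("WantAssertionsSigned", "false") not in ("true", "1"):
        problems.append("WantAssertionsSigned is not true (Assertion Signed)")
    formats = {(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)}
    if formats - ALLOWED_NAMEID:
        problems.append("unexpected NameIDFormat: %s" % sorted(formats - ALLOWED_NAMEID))
    return problems
```

An empty list means the file agrees with the two noted values and with the Sign Requests, Assertion Signed and Name ID Format settings above.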

Create the PingOne CloudBolt Application (PingOne Customer) (IN PROGRESS)

  1. Log into the PingOne Enterprise Web Interface

  2. Click on the Applications tab and select Add Application (LEFT OFF HERE)

  3. On the New Application page, select WEB APP → SAML → Configure

  4. Fill out the Application Name and Description. Click Next

  5. Configure the following on the Configuration SAML Connection page:

    1. ACS URLS → Input the Single Sign-On URL from the previous section

    2. ENTITY ID → Input the Metadata URL / Entity ID from the previous section

    3. ASSERTION VALIDITY DURATION (IN SECONDS) → 86,400 (24 hours)

Create the PingOne CloudBolt Application (PingOne Enterprise)

  1. Log into the PingOne Enterprise Web Interface

  2. Click on the SETUP tab, select Identity Repository and click Connect to an Identity Repository

    1. PINGONE DIRECTORY

      1. Select Next on the first section

      2. Make note of the MAP ATTRIBUTES; we will need those later

      3. Click Save or Finish. We’ll configure PingOne Directory in the Application section below

  3. Click on the Applications tab and select Add Application → Search Application Catalog

  4. Type Ping in the search box, click the arrow next to the Ping IDaaS Directory Provisioner Application, and click Setup

    1. SSO Instructions

      1. Download the Certificate, make note of all of the IDs and URLs, and click Continue to Next Step

    2. Connection Configuration

      1. Upload Metadata → Select the metadata file you downloaded from the SSO section in the CloudBolt Appliance

      2. The ACS URL and Entity ID fields should now be filled out and should match your SSO Provider in CloudBolt

      3. If everything looks good, click Continue to Next Step

    3. PingOne App Customization - Ping IDaaS Directory Provisioner

      1. Optional fields

      2. Once you’re finished, click Continue to Next Step

    4. Group Access

      1. Add any groups that you have (if any)

      2. Once you’re finished, click Continue to Next Step

    5. Review Setup

      1. Review all of the information

        1. Make note of the Initiate Single Sign-On (SSO) URL

        2. Download the Signing Certificate and the SAML Metadata

      2. If everything looks good, click Finish

  5. Now that we have the SAML Metadata, we need to upload it to the CloudBolt Appliance

    1. Log into your CloudBolt Appliance

      1. Click on the Admin tab and under Security, click Single Sign-On (SSO)

      2. Select the Single Sign-On Provider that you’ve created before and click Upload IdP XML

        1. Metadata Source → Metadata File

        2. Metadata File → Select the file you downloaded in the previous section

        3. Once everything is selected, click Save

      3. You can now import the Certificate too if you want to use it

  6. Now test to see if everything works

    1. Click on the Users tab and create a new user

      1. Make sure the user’s group membership matches what you had for the groups in the previous section

    2. Go to the Initiate Single Sign-On (SSO) URL that you made note of before and try to log in with the new account

    3. If it redirects to CloudBolt and you’re able to log in, you’re all set

Configure Branding

  1. Click on Admin → System → Branding and Portals

  2. Click Add a portal on the top left

  3. In the Add a portal window, fill out your Name, Domain/IP and select your Single Sign-On Provider

    1. Once you have all of that set, click Create

  4. Log out of the CloudBolt appliance and log back in

  5. Now you should see a button at the bottom saying Log in with PingOne (or whatever you used for the Name in step 3)

  6. Click the Log in with PingOne button and log in with your credentials

  7. If your account is valid, you should be logged into the CloudBolt appliance
