External IdP Configuration - PingOne SAML2

Learn how to configure an External Identity Provider (IdP) using PingOne SAML2 to enable single sign-on and enhance security within your organization's network.

Last published on: August 13th, 2024

Add Application

  • Click Applications in the left-side navigation section.
  • Click the + sign next to Applications.
  • Enter the Application Name. The suggested name is OpenMethods-SSO-OIDC.
  • Enter a Description.
  • For Application Type, select SAML Application.
  • Click the Configure button.

Add ACS URL, Entity ID, and SLO endpoint

  • Click the Configuration tab.
  • Click the Edit button.
  • Enter ACS URLS - https://identity.openmethodscloud.com/auth/acs
  • Enter Entity ID as OpenMethods_Apps_PingOne_SAML
  • Enter SLO ENDPOINT - https://identity.openmethodscloud.com/auth/logout_callback
  • Click the Save button.

Attribute Mappings

  • Add the following custom attributes, which will be included in the SAML response after successful login.
    • saml_subject - User ID
    • email - Email Address
    • first Name - Given Name
    • last Name - Family Name

Copy the required values

  • Copy the following values and paste them temporarily into a notepad. They will be used in the OpenMethods Experience Cloud SSO configuration.
    • IdP Metadata URL
    • Entity ID
      • This is the value entered in step 2 above (Add ACS URL, Entity ID, and SLO endpoint). If you entered a different value, make sure to copy the value you actually entered.
      • This will be used as the Issuer on the OpenMethods SSO configuration page.

Assign Users

To allow users to access the Application:

  • It is recommended to create a new group, assign the users who need OpenMethods access to it, and then assign the group to the Application.
  • If no group is assigned to the Application, then by default all users will have access to the Application.

  • On the Overview page, click Directory in the left-side navigation section.
  • Click Groups.
  • Click the + sign to add a new Group.
  • Create a new Group. The suggested name is OM_ACCESS.
  • Assign the users to the group.
  • Click the Users tab and add users by using the Add Individually or Add with a Filter option.
  • Open the Application and click the Access tab.
  • Click the Edit icon.
  • Select the Group from the group list.

Enable the Application

  • To enable the Application, click the radio button at the top right of the page, as highlighted in the image.
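
Once the Application is enabled, a test login can confirm that the ACS URL, Entity ID, and attribute mappings above took effect. The following is an added example, not OpenMethods or PingOne code: it checks a base64-decoded SAML response against the values on this page, using a constructed sample response. It assumes the saml_subject mapping arrives as the Subject NameID and that the attribute names are spelled as on this page; the function and constant names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values entered in the PingOne steps on this page.
ACS_URL = "https://identity.openmethodscloud.com/auth/acs"
ENTITY_ID = "OpenMethods_Apps_PingOne_SAML"
# Attribute names as spelled on this page; match them to what you entered.
EXPECTED_ATTRS = ("email", "first Name", "last Name")

# Constructed sample response (not captured from a real tenant, unsigned).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://identity.openmethodscloud.com/auth/acs">
<a:Assertion><a:Subject><a:NameID>user-0001</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData
 Recipient="https://identity.openmethodscloud.com/auth/acs"/></a:SubjectConfirmation></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>OpenMethods_Apps_PingOne_SAML</a:Audience>
</a:AudienceRestriction></a:Conditions>
<a:AttributeStatement>
<a:Attribute Name="email"><a:AttributeValue>alex@example.com</a:AttributeValue></a:Attribute>
<a:Attribute Name="first Name"><a:AttributeValue>Alex</a:AttributeValue></a:Attribute>
<a:Attribute Name="last Name"><a:AttributeValue>Doe</a:AttributeValue></a:Attribute>
</a:AttributeStatement></a:Assertion></p:Response>"""

def check_response(xml_text, acs_url=ACS_URL, entity_id=ENTITY_ID, attrs=EXPECTED_ATTRS):
    """Return a list of configuration problems in a decoded SAML response.
    Sanity check for a test login only: it does not verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    recipients = [e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match the ACS URL")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not contain the Entity ID")
    # Assumption: the saml_subject mapping is delivered as the Subject NameID.
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID (saml_subject) is missing or empty")
    present = set()
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        if any((v.text or "").strip() for v in attr.iterfind("a:AttributeValue", NS)):
            present.add(attr.get("Name"))
    problems += [f"attribute missing or empty: {n}" for n in attrs if n not in present]
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE) or "response matches the configuration on this page")
```

Run it only on a response captured from your own test login; an empty list means the response carries the ACS URL, Entity ID, and attributes configured above.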

 

Applications: Applications • PingOne Cloud Platform (pingidentity.com)

Edit Application: Editing an application - SAML • PingOne Cloud Platform (pingidentity.com)