Configuring PingIdentity Single Sign-On Integration with SAML
Ping Identity software provides federated identity management and intelligent access so users can connect securely to cloud, mobile and on-premises apps. The platform uses adaptive authentication and SSO for single-click access to all apps. This prevents security breaches and helps with the management of sensitive data.
Using Security Assertion Markup Language (SAML), a user can use their managed account credentials to sign in to enterprise cloud applications via Single Sign-On (SSO). An Identity Provider (IdP) service provides administrators with a single place to manage all users and cloud applications. You don't have to manage individual user IDs and passwords tied to individual cloud applications for each of your users. An IdP service provides your users with a unified sign-on across all their enterprise cloud applications.
Acunetix 360 supports both SAML methods: IdP initiated and SP initiated.
You can also create a new user in Acunetix 360 with the Enable Auto Provisioning option.
Single Sign-On Fields
This table lists and explains the Single Sign-On fields in the PingIdentity Single Sign-On window.
| Field | Description |
| --- | --- |
|  | Select this option to enable the single sign-on feature. |
| Enforce to authenticate only with single sign-on | Enable this option so only administrator users can authenticate without single sign-on. Users can only sign in to Netsparker Enterprise by using the email address that belongs to their employer. |
| Idp Identifier | This is the SAML identity provider’s Identifier value. |
| SAML 2.0 Service URL | This is the Consumer URL value (also called the SSO Endpoint or Recipient URL). |
| SAML 2.0 Endpoint | This is the URL from your IdP's SSO Endpoint field. |
| X.509 Certificate | This is the X.509 certificate value. |
| Enable Auto Provisioning | Enable this option so that an account will be automatically created for IdP registered users when they first access Netsparker Enterprise. If you enable this option for user creation in Netsparker Enterprise, you must complete the FirstName, LastName and Phone Number (optional) fields in the Attribute Statements on the IdP side. This means a new team member can log in to Netsparker Enterprise with no user permissions, such as Start Scan. They can add permissions after this. |
| Require SAML assertions to be encrypted | Enable this option to prevent third parties from reading private data in transit from assertions. There are two options: |
How to Configure PingIdentity Single Sign-On Integration with SAML
- Log in to your PingIdentity account and navigate to My Applications.
- Click Add Application, then New SAML Application.
The Application Details window is displayed.
- Complete the Application Name and Application Description fields.
- From the Category dropdown, select an option.
- Click Continue to Next Step. The Application Configuration window is displayed.
- Select I have the SAML configuration.
- Next, log in to Acunetix 360, and from the main menu, click Settings, then Single Sign-On. The Single Sign-On window is displayed. Select the PingIdentity tab.
- Copy the URL from the SAML 2.0 Service URL field.
- Then, in PingIdentity's Application Configuration window, paste the URL into the Assertion Consumer Service (ACS) field.
- Finally, in Acunetix 360, copy the URL from the Identifier field.
- Then, in PingIdentity's Application Configuration window, paste the URL into the Entity ID field.
- Click Continue to Next Step. The SSO Attribute Mapping window is displayed.
- If you selected Enable Auto Provisioning for user creation in Netsparker Enterprise, you should complete the FirstName, LastName and Phone Number (optional) fields in SSO Attribute Mapping. If you did not select it, you do not need to complete anything.
- Click Continue to Next Step. The Group Access window is displayed.
- Click Continue to Next Step. The Review Setup window is displayed.
- In the SAML Metadata field, click Download to download the SAML metadata.
- Click Finish, and assign your users.
- Open the downloaded SAML metadata file, and copy the URL located in the entityID attribute of the EntityDescriptor node.
- Then, log in to Acunetix 360, and from the main menu click Settings, then Single Sign-On. The Single Sign-On window is displayed. Select the PingIdentity tab, and paste the URL into the Idp Identifier field.
- Next, copy the URL from the Location attribute of the SingleSignOnService node.
- Then in Acunetix 360’s Single Sign-On window, paste the URL into the SAML 2.0 Endpoint field.
- Finally, copy the content of the X509Certificate node (signing).
- Then in Acunetix 360’s Single Sign-On window, paste it into the X.509 Certificate field.
- In Acunetix 360’s Single Sign-On window, click Save Changes.