Configuring Ping Identity Single Sign-On Integration with SAML

Ping Identity provides federated identity management and intelligent access so users can connect securely to the cloud, mobile, and on-premises apps. The platform uses adaptive authentication and SSO for single-click access to all apps. This prevents security breaches and helps with the management of sensitive data.

• Using Security Assertion Markup Language (SAML), a user can use their managed account credentials to sign in to enterprise cloud applications via Single Sign-On (SSO). An Identity Provider (IdP) service provides administrators with a single place to manage all users and cloud applications.
• You don't have to manage individual user IDs and passwords tied to individual cloud applications for each user. An IdP service provides users a unified sign-on across all their enterprise cloud applications.

Acunetix supports the SAML methods both IdP-initiated and SP-initiated.

This topic explains how to configure Ping Identity and Acunetix for Single Sign-On.

Single Sign-On Fields

This table lists and explains the Single Sign-On fields.

How to add an application to Ping Identity

1. Log in to your Ping Identity account.
2. From the main menu, select Connections > Applications.
3. From the Applications page, select the + (plus) sign.
4. Enter your application name, then select SAML Application. (For this example, the application's name is Acunetix.)

5. Select Configure when available after selecting the SAML Application.
6. From the SAML Configuration, select Manually Enter.

7. Open a separate tab and log in to Acunetix.
8. From Acunetix's main menu, select Settings > Single Sign-On.  

1. Copy SAML 2.0 Service URL and paste it into ACS URLs.
2. Copy Identifier and paste it into Entity ID.
3. Select Save.

You added the application to your Ping Identity account. You need to configure the application to enable the Single Sign-On.

How to configure Ping Identity Single Sign-On Integration with SAML

1. From the Applications page, select Acunetix.
2. Next to the Acunetix, turn on the toggle.
3. Select Acunetix.

4. Select the Attribute Mappings tab, then edit (the pencil icon).

1. For the saml_subject attribute, select Email Address from the PingOne Mappings drop-down.
2. Select + Add.
3. Add FirstName to the Attributes field and choose Given Name from the PingOne Mappings drop-down.
4. Select + Add.
5. Add LastName to the Attributes field and choose Family Name from the PingOne Mappings drop-down.
6. Select Save.

5. Select the Configuration tab, then edit (the pencil icon).
6. Choose the Sign Assertion and Response option.

7. Select Save.
8. From the Connection Details, do the following:

1. Copy the Issuer ID information, switch to the Acunetix tab, and paste the ID information into Idp Identifier.
2. Copy the Single Signon Service, switch to the Acunetix tab, and paste it into SAML 2.0 Endpoint.
3. Select Download Signing Certificate to download the certificate (X509 PEM (.crt).)
4. Go to your download location and open the certificate with a text editor.
5. Copy the X.509Certificate information, switch to the Acunetix tab, and paste it into X.509 Certificate.

9. If you select Require SAML assertions to be encrypted, do one of the following:

1. Select Generate a new certificate for me; OR
2. Select I have an existing certificate, then upload your certificate and enter the certificate password.

10. From the SSO Exemptions drop-down, select users to exempt them from the SSO. If so, they can log in to Acunetix via password.
11. Select Save on the Acunetix tab to complete the integration.

Acunetix informs you that the SSO configuration is saved.