Configuring Ping Identity Single Sign-On Integration with SAML
Ping Identity provides federated identity management and intelligent access so users can connect securely to the cloud, mobile, and on-premises apps. The platform uses adaptive authentication and SSO for single-click access to all apps. This prevents security breaches and helps with the management of sensitive data.
- Using Security Assertion Markup Language (SAML), a user can use their managed account credentials to sign in to enterprise cloud applications via Single Sign-On (SSO). An Identity Provider (IdP) service provides administrators with a single place to manage all users and cloud applications.
- You don't have to manage individual user IDs and passwords tied to individual cloud applications for each user. An IdP service provides users a unified sign-on across all their enterprise cloud applications.
Acunetix supports the SAML methods both IdP-initiated and SP-initiated.
This topic explains how to configure Ping Identity and Acunetix for Single Sign-On.
Single Sign-On Fields
This table lists and explains the Single Sign-On fields.
Field | Description |
SAML 2.0 Service URL | This is the Consumer URL value (also called the SSO Endpoint or Recipient URL). |
Identifier | This is the base URL of Acunetix. |
SSO Provider | This is a drop-down to choose your SSO provider. |
SAML 2.0 Endpoint | This is the URL from your IdP's SSO Endpoint field. |
IdP Identifier | This is the SAML identity provider’s Identifier value. |
X.509 Certificate | This is the X.509 certificate value. |
How to add an application to Ping Identity
- Log in to your Ping Identity account.
- From the main menu, select Connections > Applications.
- From the Applications page, select the + (plus) sign.
- Enter your application name, then select SAML Application. (For this example, the application's name is Acunetix.)
- Select Configure when available after selecting the SAML Application.
- From the SAML Configuration, select Manually Enter.
- Open a separate tab and log in to Acunetix.
- From Acunetix's main menu, select Settings > Single Sign-On.
- Copy SAML 2.0 Service URL and paste it into ACS URLs.
- Copy Identifier and paste it into Entity ID.
- Select Save.
You added the application to your Ping Identity account. You need to configure the application to enable the Single Sign-On.
How to configure Ping Identity Single Sign-On Integration with SAML
- From the Applications page, select Acunetix.
- Next to the Acunetix, turn on the toggle.
- Select Acunetix.
- Select the Attribute Mappings tab, then edit (the pencil icon).
- For the saml_subject attribute, select Email Address from the PingOne Mappings drop-down.
- Select + Add.
- Add FirstName to the Attributes field and choose Given Name from the PingOne Mappings drop-down.
- Select + Add.
- Add LastName to the Attributes field and choose Family Name from the PingOne Mappings drop-down.
- Select Save.
- Select the Configuration tab, then edit (the pencil icon).
- Choose the Sign Assertion and Response option.
- Select Save.
- From the Connection Details, do the following:
- Copy the Issuer ID information, switch to the Acunetix tab, and paste the ID information into Idp Identifier.
- Copy the Single Signon Service, switch to the Acunetix tab, and paste it into SAML 2.0 Endpoint.
- Select Download Signing Certificate to download the certificate (X509 PEM (.crt).)
- Go to your download location and open the certificate with a text editor.
- Copy the X.509Certificate information, switch to the Acunetix tab, and paste it into X.509 Certificate.
- If you select Require SAML assertions to be encrypted, do one of the following:
- Select Generate a new certificate for me; OR
- Select I have an existing certificate, then upload your certificate and enter the certificate password.
- From the SSO Exemptions drop-down, select users to exempt them from the SSO. If so, they can log in to Acunetix via password.
- Select Save on the Acunetix tab to complete the integration.
Acunetix informs you that the SSO configuration is saved.