Terms to Know
- Identity Provider - The tool that your team uses to provide Single Sign-On functionality. For this article, we'll be exploring a setup process for Ping Identity.
- Metadata - Typically an XML file which tells the tools involved with handling your login process how to complete and validate the requests.
- Enforced SAML/SSO - A setting which specifies SAML/SSO as the primary login method for all users on your team and the default login method for all new users.
As an Account Admin on a Professional or Enterprise plan, you have the option to set up a single sign-on authentication method for your team. In the following article, we will explore how you can quickly and smoothly set up Ping Identity (PingID) as your team's SAML/SSO authentication method.
Setting Up Single Sign-On with PingIdentity
Step 1 - Getting Started in the Ping Identity Console
- From your console homepage, select the Environment you'd like to work in.
- In the far-left navigation bar, select the option labelled Connections to open your Applications menu.
- In the top-right corner of your Applications menu, select + Add Application.
- In the panel that appears, select the Web App option, then click the Configure button for SAML among the options that appear. This will take you through the 3-step setup process on Ping Identity.
- In the Create App Profile stage of the setup that appears first, name the new app "Roadmunk" and click the Next button in the bottom-right corner.
- In the Configure SAML Connection stage of the setup, we're going to enter "https://login.roadmunk.com" as the placeholder for both the ACS URLS and Entity ID fields. For the required Assertion Validity Duration field, enter "180". Click Save and Continue to move to the next step.
- On the Map Attributes stage of the setup, set the PingOne User Attribute value as Email Address from the drop-down menu.
- Once this has been completed, press Save and Close to finalize the setup of your new Roadmunk application in Ping Identity.
Step 2 - Generating the Service Provider (SP) Metadata file
- After completing the setup process, you'll be taken back to the Applications menu with your new Roadmunk application visible at the top of the list.
- Inside the application details shown on the screen, click over to the Configuration tab and locate the IDP Metadata URL field. Click into the text field containing the URL to copy it to your clipboard.
- Navigating over to Roadmunk in a new tab, click on your avatar in the bottom left corner and navigate to Account Settings.
- In the Account Settings menu, click into the Company tab.
- Locate the SAML/Single Sign-On (SSO) option at the bottom of the tab and click to toggle it on.
- In the menu options that appear, select Enter your IDP XML URL in Step 1 and paste the IDP Metadata file URL that we copied in Step 3. Once pasted, select the Save URL option.
- Saving the URL should generate an SP Metadata file under Step 2. Select the Download Roadmunk Metadata button to save the roadmunk_sp_metadata.xml file to your device.
Step 3 - Applying the Configuration Values from the SP Metadata
- After downloading the file, navigate back to the other tab to view the Applications menu on Ping Identity.
- In the options on the right-hand side of your details panel for your Roadmunk application, select Edit to access your Roadmunk app's settings screen. Navigate to the Configuration tab if you aren't already taken there and reveal the SAML Settings section at the bottom of that screen.
- To replace the placeholders in this section, we will need to pull the unique values from the roadmunk_sp_metadata.xml file that we downloaded in Step 2. For easier readability, open a new tab in your browser and drag the XML file into it to view the file contents.
- For the configuration values listed below, locate the following values in your metadata file and paste them into their respective fields:
  - ACS URLS - Paste the URL found in the Location="URL" value from your metadata file
  - Entity ID - Paste the URL found in the entityID="URL" value from your metadata file
- When the values above have been applied, press the Save button at the bottom of the page and navigate back to the Application List through the To Application List button at the top of the settings screen.
- Once in the Application List, confirm that your Roadmunk app is active using the toggle provided.
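As an alternative to reading the XML by eye in Step 3, the two values can be extracted with a short script. This is an added example, not part of Roadmunk's or Ping Identity's tooling; the sample metadata and the sp.example.com URLs are constructed placeholders, and the HTTPS check is an assumption about what the ACS URL should look like.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace

# Constructed sample; the real roadmunk_sp_metadata.xml carries different values.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.com/saml/logout"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def require_https(url, field):
    """Reject relative or non-TLS URLs before they are pasted into the IdP."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"{field} must be an absolute https URL, got {url!r}")
    return url


def extract_sp_values(xml_text):
    """Return the Entity ID and ACS URLs to paste into the IdP's SAML settings."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("metadata must not contain a DOCTYPE declaration")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")
    # Location= also appears on other elements (e.g. SingleLogoutService);
    # only the one on AssertionConsumerService is the ACS URL.
    acs = [require_https(el.get("Location", ""), "ACS URL")
           for el in root.iter(f"{{{MD}}}AssertionConsumerService")]
    if not acs:
        raise ValueError("no AssertionConsumerService element found")
    return {"entity_id": entity_id, "acs_urls": acs}


if __name__ == "__main__":
    print(extract_sp_values(SAMPLE_SP_METADATA))
```

The point to carry back to the manual procedure: a metadata file can contain more than one Location="URL" attribute, and the ACS URLS field should receive the one on the AssertionConsumerService element.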
Step 4 - Finalizing the Roadmunk Setup
- Navigating back to Roadmunk, head into the Account Settings menu once more.
- Click into the Security tab to access your active login methods.
- Click the blue + Login Method button in the top-right corner of your Authentication Methods list, then select the new SSO option that appears at the bottom of the menu.
- Clicking into this will open a Ping Identity sign-on screen where you can attach your login to Roadmunk. If you're already logged into Ping Identity when attempting this attachment, it should complete automatically.
- If the Authentication Methods list doesn't refresh automatically, you can close out of the Account Settings and reopen them from your avatar in the bottom-left corner of your app.
Enabling Multi-Factor Authentication with Ping Identity Single Sign-On
Ping Identity supports a number of additional authentication layers which can help to provide an extra level of security for you and your team. A great guide on setting up multi-factor authentication for your team in Ping Identity can be found here on their product documentation site.