Configuration Guides

Configuring SAML SSO with Evernote and PingOne for Enterprise

Learn how to enable Evernote sign on from the PingOne for Enterprise console (IdP-initiated sign-on) and direct Evernote sign on using PingOne for Enterprise (SP-initiated sign-on).

Before you begin

  • Link PingOne for Enterprise to an identity repository containing the users requiring application access.

  • Populate Evernote with at least one user to test access.

  • You must have administrative access to PingOne for Enterprise and Evernote.

Update the Evernote application in PingOne for Enterprise

  1. Sign on to PingOne for Enterprise and go to Applications → Application Catalog.

  2. Search for Evernote.

    Screen capture of PingOne for Enterprise Application Catalog with Evernote displayed as a search result and the expansion arrow highlighted in red.

  3. Expand the Evernote entry and click the Setup icon.

  4. Copy the IdP ID value.

    You will need this wherever you see IdP-ID-value in the next procedure.

  5. Download the signing certificate.

    Screen captue of PingOne for Enterprise SSO Instructions with the Signing Certificate Download hyperlink, IdP ID field, and Issuer values all highlighted in red.

  6. Click Continue to Next Step twice.

  7. In the Attribute Mapping section, map SAML_SUBJECT to the attribute containing the user’s email address.

    Screen capture of PingOne for Enterprise Attribute Mapping section with the Email Identity Bridge Attribute or Literal Value field highlighted in red, as well as the Advanced button below it.

  8. Click Advanced.

  9. In the Name ID format to send to SP field, enter urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

    Screen capture of PingOne for Enterprise Advanced Attribute Options for SAML_SUBJECT with the Name ID Format to send to SP highlighted in red.

  10. Click Save, then click Continue to Next Step twice.

  11. Click Add for all user groups that should have access to Evernote.

    Screen capture of PingOne for Enterprise Group Access section.

  12. Click Continue to Next Step.

  13. Click Finish.

Add the PingOne for Enterprise IdP connection to Evernote

  1. Sign on to your Evernote Admin organization as an administrator and go to the Evernote Business Admin Console.

  2. Go to Security → Single Sign-On.

  3. Set SAML HTTP Request URL to https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=IdP-ID-value.

  4. In a text editor, open your PingOne for Enterprise signing certificate.

  5. Copy and paste your signing certificate contents into the X.509 Certificate field.

  6. Click Save & Enable.

Test the PingOne for Enterprise IdP-initiated SSO integration

  1. Go to your Ping desktop as a user with Evernote access.

    To find the Ping desktop URL in the Admin console, go to Setup → Dock → Dock URL.

  2. Complete the PingOne for Enterprise authentication.

    Screen capture of PingOne for Enterprise sign on screen.

    You’re redirected to your Evernote domain.

Test the PingOne for Enterprise SP-initiated SSO integration

  1. Go to your Evernote URL.

  2. Select the PingOne for Enterprise sign on option.

  3. After you’re redirected to PingOne for Enterprise, enter your PingOne for Enterprise username and password.

    Screen capture of PingOne for Enterprise sign on screen.

    You’re redirected back to Evernote.