Configuring SAML SSO with Evernote and PingFederate
Learn how to enable Evernote sign on from a PingFederate URL (IdP-initiated sign-on) and direct Evernote sign on using PingFederate (SP-initiated sign-on).
Before you begin
- Configure PingFederate to authenticate against an IdP or datastore containing the users requiring application access.
- Populate Evernote with at least one user to test access.
- You must have administrative access to PingFederate and Evernote.
Create a PingFederate SP connection for Evernote
- Sign on to the PingFederate administrative console.
- Create an SP connection for Evernote in PingFederate:
  - Configure using Browser SSO profile SAML 2.0.
  - Set Partner’s Entity ID to https://www.evernote.com/saml2.
  - Enable the following SAML Profiles:
    - IdP-Initiated SSO
    - SP-Initiated SSO
  - In Assertion Creation → Authentication Source Mapping → Attribute Contract Fulfillment, map SAML_SUBJECT.
  - In Protocol Settings → Assertion Consumer Service URL, set Binding to POST and set Endpoint URL to https://www.evernote.com/SamlConsumer.action.
  - In Protocol Settings → Allowable SAML Bindings, enable POST.
  - In Credentials → Digital Signature Settings, select the PingFederate Signing Certificate.
- Save the configuration.
- Export the signing certificate.
- Export the metadata, open the metadata file in a text editor, and copy the value of the Location entry (https://your-value/idp/SSO.saml2).
Add the PingFederate connection to Evernote
- Sign on to your Evernote Admin organization as an administrator and go to the Evernote Business Admin Console.
- Go to Security → Single Sign-On.
- Set SAML HTTP Request URL to the Location value from the metadata file that you downloaded previously (https://your-value/idp/SSO.saml2).
- In a text editor, open your PingFederate signing certificate file, copy the contents, and paste your signing certificate contents into the X.509 Certificate field.
- Click Save & Enable.
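Before clicking Save & Enable, the two values copied by hand can be checked against the exported metadata. This is an added example, not part of the PingFederate or Evernote documentation. It assumes the export is standard SAML 2.0 metadata XML; the function names are hypothetical, and the sample metadata and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_text):
    """SHA-256 of the DER bytes in a PEM file or a bare base64 metadata value."""
    body = "".join(t for t in cert_text.split() if "-----" not in t)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def idp_settings(metadata_xml):
    """Return SSO Locations keyed by binding, plus signing-cert fingerprints."""
    idp = ET.fromstring(metadata_xml).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    locations = {s.get("Binding", "").rsplit(":", 1)[-1]: s.get("Location")
                 for s in idp.findall("md:SingleSignOnService", NS)}
    certs = [fingerprint(c.text)
             for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use", "signing") == "signing"
             for c in k.findall(".//ds:X509Certificate", NS)]
    return {"locations": locations, "signing_fingerprints": certs}

def check_evernote_values(metadata_xml, request_url, pem_text):
    """List mismatches between values entered in Evernote and the metadata."""
    settings = idp_settings(metadata_xml)
    problems = []
    if request_url not in settings["locations"].values():
        problems.append("request URL is not a SingleSignOnService Location")
    if not request_url.startswith("https://"):
        problems.append("request URL is not HTTPS")
    if fingerprint(pem_text) not in settings["signing_fingerprints"]:
        problems.append("certificate does not match the metadata signing key")
    return problems

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not a certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="constructed-idp"><md:IDPSSODescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {SAMPLE_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Location="https://your-value/idp/SSO.saml2"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
</md:IDPSSODescriptor></md:EntityDescriptor>"""

print(check_evernote_values(SAMPLE_METADATA, "https://your-value/idp/SSO.saml2", SAMPLE_PEM))
```

An empty list means the request URL and the pasted certificate both match what PingFederate published in its metadata.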