Adding SSO to a connection
To enable single sign-on (SSO) to Workplace from Facebook, modify the provisioning connection that you created in Creating a provisioning connection.
Steps
-
On the PingFederate administrator console, open your existing SP connection.
Choose from:
-
For PingFederate 10.1 or later: go to Applications → Integration → SP Connections. Select your connection.
-
For PingFederate 10.0 or earlier: go to Identity Provider → SP Connections. Select your connection.
-
-
On the Connection Type tab select Browser SSO Profiles. Click Next.
-
On the Browser SSO tab, configure your SSO settings.
-
Go to Browser SSO → SAML Profiles and select only IdP-Initiated SSO and SP-Initiated SSO.
-
Go to Browser SSO → Assertion Creation → Attribute Contract. For SAML_SUBJECT, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
-
On the Authentication Policy Mapping tab, select or create an authentication source that maps
SAML_SUBJECT
to an email attribute that matches the email addresses used in Workplace from Facebook.
For configuration help, see Configuring IdP Browser SSO in the PingFederate documentation.
-
-
On the Credentials tab, configure the connection credentials as shown in Configuring credentials in the PingFederate documentation.
-
On the Digital Signature Settings tab, from the Signing Certificate list, select the certificate that you want to use with Workplace from Facebook.
-
-
On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.