PingOne for Enterprise

Amazon Web Services Connection Configuration

About this task

The ACS URL and Entity ID fields are populated with the correct values for Amazon Web Services (AWS).

All other fields are optional.

Steps

  1. In the Target Resource field, enter a URL to redirect the user to after IdP-initiated single sign-on (SSO).

  2. In the Single Logout Endpoint field, enter a URL for PingOne to send single logout (SLO) requests to.

  3. In the Single Logout Response Endpoint field, enter a URL for PingOne to send SLO responses to.

  4. To add a Primary Verification Certificate, click Browse to locate and upload a local certificate file used to verify SLO requests and responses coming from Achiever.

  5. To add a Secondary Verification Certificate, click Browse to locate and upload a local certificate used to verify SLO requests and responses in case the primary certificate fails.

  6. Select the Force Re-authentication checkbox to require your identity bridge to re-authenticate users with an active SSO session.

  7. Select the Encrypt Assertion checkbox to encrypt outgoing SAML assertions.

  8. On the Signing line:

    Choose from:

    • Click Sign Assertion to have PingOne sign outgoing SAML assertions. This is the default option.

    • Click Sign Response to have PingOne sign responses to incoming SAML assertions.

  9. From the Signing Algorithm list, select an algorithm with which to sign SAML assertions.

  10. Select the Use Custom URLcheckbox to enter a customer URL to launch AWS from the dock.

  11. Select the Set Up Provisioning checkbox to configure user provisioning to AWS.

Next steps

Click Continue to Next Step.