Page created: 6 Dec 2021 | Page updated: 10 Dec 2021
Learn how to configure SAML SSO using Aha! Ideas and PingOne.
For more information about Aha! and SAML SSO, see Aha! Roadmaps | Account SSO | SAML 2.0 on the Aha! support site.
- Sign on to your Aha! Ideas admin account.
- On the Account settings page, go to Account > Security and single sign-on.
- In the Single sign-on section, in the Identity provider list, select SAML 2.0.
  The SAML 2.0 Configuration page opens.
- In a new tab, sign on to your PingOne SSO admin account.
  You’ll use the settings displayed on Step 3 to configure Aha! Ideas in PingOne.
- In PingOne, go to Connections > Applications and click the + icon.
- On the New Applications page, click Advanced Configuration and on the SAML line, click Configure.
- On the Create App Profile page, enter:
  - Application Name (Required)
  - Description (Optional)
  - Icon (Optional)
- On the Configure SAML Connection page, in the Provide App Metadata section, click Manually Enter.
- On your Aha! Ideas tab, copy the SAML consumer URL and SAML Entity ID values to a text editor.
  Note: The URLs are hard-coded and grayed-out, but you can still copy them.
- In your PingOne SSO account, paste the SAML consumer URL value into the ACS URLS section and the SAML entity ID value into the Entity ID section.
- Enter a value in the Assertion Validity Duration field, such as 3600, and then click Save and Continue.
- On the Attribute Mapping page, add the following PingOne Attributes:

  | User Attribute | Application Attribute |
  | --- | --- |
  | Email Address | EmailAddress |
  | Family Name | LastName |
  | Given Name | FirstName |

  Note: Leave the default User ID attribute.
- Click Save and Close.
  The Applications page opens.
- On the Applications page:
  - Click the toggle to enable the configuration.
  - On the Configuration tab, in the Download Metadata section, click Download.
    You'll upload this in Aha! Ideas in the next step.
- On your Aha! Ideas tab, in the Configure using section, click Metadata file and click Choose File to upload the file that you downloaded in the previous step.
- Enter a Name for the connection, such as Ping Identity, and click Enable to turn on the configuration.
- Before testing the integration, you must create and assign identities in PingOne. If you’ve already assigned identities and groups in PingOne, start at step 18.
  - In PingOne, go to Identities > Groups and click the + icon next to Groups.
  - On the Create New Group page, enter values for the following:
    - Group Name (Required)
    - Description (Optional)
    - Population (Optional)
  - Click Finish & Save.
  - To add identities to the group, on the Identities tab, go to Users > + Add User.
  - On the Add User page, enter all the necessary information for a user.
    Important: Verify that the email address is correct, as this is the value passed in the SAML assertion.
  - Click Save.
  - To assign the user that you created to the group that you created previously, locate the user you created and:
    - Expand their section.
    - Select the Groups tab.
    - Click + Add.
  - In the Available Groups section, select the group that you created and click the + icon to add it to the user’s group memberships. Click Save.
  - On the Connections tab, for the Aha! Ideas application:
    - Click the Access tab.
    - Click the Pencil icon to edit the configuration.
  - Select the group that you created and add it to the Applied Groups section. Click Save.

  You're now ready to test the integration.
- In the PingOne admin console, go to Dashboard > Environment Properties.
- Right-click on the Application Portal URL and open it in a private browser session.
- In your private browser window, sign on as the test user that you created and click the Aha! Ideas tile.
  You're signed on to the user's Aha! Ideas account.
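
If the test sign-on fails or lands on the wrong account, one way to check the attribute mapping and validity settings from the steps above is to inspect the base64 SAMLResponse captured from the browser during the test. The following is an added example, not code from Ping Identity or Aha!. The sample response is constructed, and the script assumes the assertion is unencrypted and that the configured Assertion Validity Duration appears as the Conditions window.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Application attribute names from the Attribute Mapping step above.
EXPECTED = ("EmailAddress", "FirstName", "LastName")

def parse_ts(value):
    # SAML timestamps are UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_response(b64_response):
    """Return (attributes, validity_seconds, problems) for a base64 SAMLResponse."""
    # Diagnostic only: no signature check; use a hardened parser for untrusted XML.
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return {}, None, ["no unencrypted Assertion found"]
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = attr.iterfind("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = [v.text or "" for v in values]
    problems = [f"missing attribute {n}" for n in EXPECTED if not any(attrs.get(n, []))]
    email = "".join(attrs.get("EmailAddress", []))
    if email and "@" not in email:
        problems.append("EmailAddress value is not an email address")
    validity = None
    # Assumption: the configured Assertion Validity Duration is reflected in this window.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        problems.append("Conditions validity window missing")
    else:
        delta = parse_ts(cond.get("NotOnOrAfter")) - parse_ts(cond.get("NotBefore"))
        validity = int(delta.total_seconds())
    return attrs, validity, problems

# Constructed sample response (LastName deliberately left unmapped).
SAMPLE = base64.b64encode(b"""<samlp:Response
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
<saml:Conditions NotBefore="2021-12-10T10:00:00Z" NotOnOrAfter="2021-12-10T11:00:00Z"/>
<saml:AttributeStatement>
<saml:Attribute Name="EmailAddress"><saml:AttributeValue>test.user@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="FirstName"><saml:AttributeValue>Test</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>""")

if __name__ == "__main__":
    print(check_response(SAMPLE))
```

A captured response contains user data and, until it expires, a usable assertion, so delete it after checking.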