Learn how to enable Asana sign on from the PingOne console (IdP-initiated sign on) and direct Asana sign on using PingOne (SP-initiated sign on).
- Link PingOne to an identity repository containing the users requiring application access.
- Populate Asana with at least one user to test access.
- You must have administrative access to PingOne and a Super Admin account for an Enterprise Organization on Asana.
Add the Asana application to PingOne:
- Sign on to PingOne and go to .
To add a new application, click the + icon next
to the Applications heading.
- When prompted to select an application type, select WEB APP, then click Configure next to SAML for the chosen connection type.
- Enter Asana as the application name.
- Enter a suitable description.
- Upload an icon if desired.
- Click Next.
- For Provide App Metadata, select Manually Enter.
- In the ACS URLS field, enter https://app/asana.com/-/saml/consume.
- Select the Signing Key to use and then click Download Signing Certificate to download the certificate as X509 PEM (.crt).
- In the Entity ID field, enter https://app.asana.com.
- Leave SLO Endpoint and SLO Response Endpoint blank. Asana does not support single logout (SLO).
- Enter a suitable value for Assertion Validity Duration (in seconds). A value of 300 seconds is typical.
- Click Save and Continue.
Because Asana expects an email address to identify a user in the SSO
- If you use email address to sign on through PingOne, click Save and Close.
- If you sign on with a username, select Email Address in the PingOne User Attribute list to map that to the SAML_SUBJECT, then click Save and Close.
- Enable user access to this new application by moving the toggle to the right.
On the Configuration tab of the newly-created
Asana application, copy and save the Issuer ID
and Initiate Single Sign-On URL.
You will need these when configuring SAML on Asana.
Add PingOne as an identity
provider (IdP) to Asana:
- Sign on to Asana with a Super Admin account for your Enterprise Organization.
- Click your profile photo and select Admin Console in the menu.
- Go to the Security tab.
- Go to the SAML authentication tab.
In SAML options, click
This is the recommended value when testing. You can change it later to Required for all members, except guest accounts.
- Paste the Initiate Single Sign-On URL value that you saved earlier into the Sign-in page URL field.
- Open the .crt file that you downloaded in a text editor and copy and paste the entire contents into the X.509 certificate field.
- Click Save configuration.
Test the PingOne IdP
Go to your PingOne
Application Portal and sign on with a user account.
You can find the PingOne Application Portal URL in the admin console at .
Click the Asana icon.
You're redirected to the Asana web site and signed on with SSO.
- Go to your PingOne Application Portal and sign on with a user account.
Test the PingOne service
provider (SP) integration:
Go to https://app.asana.com/, choose the option to
sign on with SSO, and enter your email address only.
You're redirected and presented with a PingOne sign on prompt.
Enter your PingOne
username and password.
After successful authentication, you're redirected back to Asana and signed on.
- Go to https://app.asana.com/, choose the option to sign on with SSO, and enter your email address only.