Configuring SAML SSO with Evernote and PingFederate

Page created: 2 Jul 2021 |

Page updated: 14 Dec 2021

| 2 min read

Single Sign-on (SSO) Capability PingFederate Product SAML Standards, specifications, and protocols

Learn how to enable Evernote sign on from a PingFederate URL (IdP-initiated sign on) and direct Evernote sign on using PingFederate (SP-initiated sign on).

Configure PingFederate to authenticate against an IdP or datastore containing the users requiring application access.
Populate Evernote with at least one user to test access.
You must have administrative access to PingFederate and Evernote.

Create a PingFederate SP connection for Evernote:
1. Sign on to the PingFederate administrative console.
2. Create an SP connection for Evernote in PingFederate:
  1. Configure using Browser SSO profile SAML 2.0.
  2. Set Partner’s Entity ID to https://www.evernote.com/saml2.
  3. Enable the following SAML Profiles:
    - IdP-Initiated SSO
    - SP-Initiated SSO
  4. In Assertion Creation > Authentication Source Mapping > Attribute Contract Fulfillment, map SAML_SUBJECT.
  5. In Protocol Settings > Assertion Consumer Service URL, set Binding to POST and set Endpoint URL to https://www.evernote.com/SamlConsumer.action.
  6. In Protocol Settings > Allowable SAML Bindings, enable POST.
  7. In Credentials > Digital Signature Settings, select the PingFederate Signing Certificate.
3. Save the configuration.
4. Export the signing certificate.
5. Export the metadata, open the metadata file in a text editor, and copy the value of the Location entry (https://<your value>/idp/SSO.saml2).
Add the PingFederate connection to Evernote:
1. Sign on to your Evernote Admin organization as an administrator and go to the Evernote Business Admin Console.
2. Go to Security > Single Sign-On.
3. Set SAML HTTP Request URL to the Location value from the metadata file that you downloaded previously (https://<your value>/idp/SSO.saml2).
4. In a text editor, open your PingFederate signing certificate file, copy the contents, and paste your signing certificate contents into the X.509 Certificate field.
5. Click Save & Enable.
Test the PingFederate IdP-initiated SSO integration:
1. Go to the PingFederate SSO Application Endpoint for the Evernote SP connection.
2. Complete the PingFederate authentication.
  
  You're redirected to your Evernote domain.
Test the PingFederate SP-initiated SSO integration:
1. Go to your Evernote URL.
2. Select the PingFederate sign-on option.
3. After you're redirected to PingFederate, enter your PingFederate username and password.
  
  You're redirected back to Evernote.

Configuring SAML SSO with Evernote and PingFederate - PingFederate

Configuration Guides