  • Link PingOne to an identity repository containing the users requiring application access.
  • Populate Osano with at least one user to test access.
  • You must have administrative access to PingOne and an Admin account for an Enterprise Organization on Osano.
  1. Add the Osano application to PingOne:
    1. In PingOne, in the left menu, click Connections, then Applications.
    2. To add a new application, click the + icon next to the Applications heading.
    3. When prompted for an application type, select Web App, then click Configure next to SAML as the connection type.
    4. Enter Osano as the application name.
    5. Enter a suitable description.
    6. Upload an icon if desired.
    7. Click Next.
    8. For Provide App Metadata, select Manually Enter.
    9. For ACS URL, enter the value: https://auth.osano.com/saml2/idpresponse
    10. Select the Signing Key to use and click Download Signing Certificate to download as X509 PEM (.crt).
    11. For Entity ID, enter the value: urn:amazon:cognito:sp:us-east-1_7GtagkRKw

      Leave SLO Endpoint and SLO Response Endpoint blank. Osano does not support single logout (SLO).

    12. In the Subject NameID Format list, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
    13. Set a suitable value for Assertion Validity Duration (in seconds). A value of 300 seconds is typical.
    14. Click Save and Continue.
    15. Change the saml_subject attribute to Email Address.

      Osano expects an email address to identify a user in the SSO security assertion.

    16. Select Add Attribute and PingOne Attribute and enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress as the Application Attribute. Map this to the PingOne User Attribute for Email Address.
    17. Select Add Attribute and PingOne Attribute and enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name as the Application Attribute. Map this to the PingOne User Attribute for Name.
    18. Click Save and Close.
    19. Enable user access to this new application by moving the toggle to the right.
    20. On the Configuration tab of the newly created Osano application, download the metadata.
  2. Add PingOne as the identity provider (IdP) to Osano:
    1. Open a Support request with your Osano Support Representative and supply the Metadata File exported in Step 1. This should contain the following:
      • Identity Provider Issuer
      • Identity Provider Single Sign-On URL
      • X.509 Certificate

      Osano configures these settings for your account, and the connection is established.

  3. Test the PingOne IdP integration:
    1. Go to the PingOne SSO Application Endpoint for the Osano SP connection.
    2. Complete the PingOne authentication.

      You're redirected to your Osano domain.

  4. Test the PingOne SP connection:
    1. Go to https://my.osano.com, select the option to sign on with SSO, and enter your email address only.

      You're redirected and presented with a PingOne sign on prompt.

    2. Enter your PingOne username and password.

      After successful authentication, you're redirected back to Osano and signed on.