To allow PingFederate to coordinate authentication for Workplace from Facebook, export your signing certificate and configure SAML in Workplace from Facebook.
- SAML URL, such as https://pf_host:pf_port/idp/SSO.saml2
- SAML 2.0 Entity ID that you set in
- SAML certificate
- This is the public signing certificate from PingFederate used to sign the SAML assertion (configured in your SP connection). For more information, see Managing digital signing certificates and decryption keys in the PingFederate documentation.
The following section describes the steps to configure SSO in Workplace from Facebook. For more information, see Single Sign On Authentication in the Workplace from Facebook documentation.
In PingFederate, export your signing certificate.
- On the PingFederate admin console, go to .
- For the certificate that you want to use, in the Action column, click Export.
- On the Export Certificate tab, click Next.
- On the Export & Summary tab, click Export.
- Open the ***********.crt file in a text editor and copy the contents.
- Sign onto Workplace from Facebook as an administrator.
- Go to .
- On the Authentication tab, select the Single-sign on (SSO) check box.
- If you want to prevent users from signing on without SSO, clear the Password check box.
- In the SSO Providers section, click Add new SSO Provider or open preferences for an existing one.
- In the Name field, enter a name of your choosing.
- In the SAML URL field, enter your PingFederate SSO endpoint. For example, https://pf_host:pf_port/idp/SSO.saml2.
- In the SAML Issuer URL field, enter the PingFederate SAML 2.0 Entity ID that you set in .
- In the SAML Certificate field, paste the contents of the ***********.crt file that you exported from PingFederate.
- Click Test SSO. Resolve any issues that are reported, and then click Save.