Grant administrative users single sign-on (SSO) access to the PingOne SSO for SaaS Apps admin portal.
- In the admin portal, go to .
Import the IdP metadata.
- To upload the metadata file, click Select File.
- To enter the metadata URL, click Or use URL.
- In the Entity ID field, enter the entity ID provided by the IdP.
- In the SSO Endpoint field, enter the endpoint at the IdP to which PingOne sends AuthnRequests.
- On the Verification Certificate line, click Select File to browse and upload the IdP's public signing certificate that PingOne will use to sign SAML assertions.
- In the Single Logout Endpoint field, enter the IdP endpoint to which PingOne will send single logout (SLO) requests.
- In the Single Logout Response Endpoint field, enter the IdP endpoint to which PingOne will send SLO responses.
- On the Single Logout Binding Type line, click either the Redirect or Post button to determine which binding type PingOne will use to send SLO requests.
- Select the Sign the AuthnRequest box to make PingOne sign AuthnRequests to the IdP.
- To download the PingOne signing certificate for upload to your IdP, click Download.
- From the Signing Algorithm list, select the algorithm PingOne will use to sign AuthnRequests to the IdP.
- To download the PingOne metadata for upload to your IdP, click Download PingOne Metadata.
- Click Save Settings.
- Go to .
For each admin group you want to authorize to SSO, click Add
If you're using LDAP groups, this needs to be the full distinguished name (FDN) for the administrator group (CN=admins,OU=example,...).
Note: You can assign groups to a read-only administrative role, which grants the administrator access to the areas of the admin portal normally allowed by that role, but not the ability to change settings.
- Click Save.
If you also intend to initiate SSO from your IdP, you must configure your IdP to append one of the following parameters to PingOne's ACS URL: