Use PingFederate to set up a service provider (SP) connection to IdentityIQ.
IdentityIQ can integrate with PingFederate through an SP connection. To set up this connection:
- In the PingFederate Identity Provider, click Create New to add the SP connection to IdentityIQ.
- On the Connection Type tab, ensure Browser SSO Profiles is selected and click Next.
- On the Connection Options tab, ensure Browser SSO is selected and click Next.
- For Import Metadata, ensure None is selected and click Next.
- On the General Info tab, in the Connection Name and Partner's Entity ID fields, enter IdentityIQ.
- Click Next.
- On the Browser SSO tab, click Configure Browser SSO.
- Check SP-initiated SSO and SP-initiated single logout (SLO) if necessary.
- Click Next under the Assertion Lifetime.
- Click Configure Assertion Creation.
- On the Identity Mapping tab, select Standard if the name attribute to send to IdentityIQ is known, otherwise select the required identity mapping.
- Under the Attribute Mapping, select the subject name format required for authentication. IdentityIQ and PingFederate support the following subject name formats:
  - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
  - urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
  - urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
  - urn:oasis:names:tc:SAML:2.0:nameid-format:entity
- On the Authentication Source Mapping tab, configure the required adapter or authentication policy. The following example uses a simple form adapter. After you configure the adapter, click Next.
- Click Configure Protocol Settings.
- On the Allowable SAML Bindings tab, select POST.
- On the Signature Policy tab, select the Always Sign Assertion and Sign Response as Required checkboxes.
- Under Configure Credentials, select the Signing Certificate to sign the SAML assertions. You must export the Signing Certificate to use it in the IdentityIQ SAML SSO configuration.
- Click Done and Save.
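
To confirm the saved connection behaves as configured, the following added example (not part of the original documentation or of either product) inspects a SAML response captured from a test login and reports where its layout differs from the settings chosen in the procedure: signature elements on the Response and the Assertion, and the selected subject name format on the NameID. The sample response, the `jdoe` subject, the `check_response` name and the assumption that both Signature Policy checkboxes yield a signed Response are illustrative; the check is structural only and does not verify the signatures cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PREFIX = "urn:oasis:names:tc:SAML:"
# Subject name formats listed in the Attribute Mapping step.
SUPPORTED = {PREFIX + s for s in (
    "1.1:nameid-format:unspecified", "1.1:nameid-format:emailAddress",
    "1.1:nameid-format:X509SubjectName", "1.1:nameid-format:WindowsDomainQualifiedName",
    "2.0:nameid-format:kerberos", "2.0:nameid-format:entity")}

# Constructed sample: the Signature elements are empty placeholders, not real signatures.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature/>
  <saml:Assertion>
    <ds:Signature/>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, expected_format, response_signed=True):
    """Return a list of findings; an empty list means the layout matches."""
    if expected_format not in SUPPORTED:
        raise ValueError("not one of the formats listed in the procedure")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    findings = []
    # Direct children only: a Signature nested elsewhere does not cover this element.
    if response_signed and root.find("ds:Signature", NS) is None:
        findings.append("Response carries no Signature")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        findings.append("expected 1 Assertion, found %d" % len(assertions))
    for assertion in assertions:
        if assertion.find("ds:Signature", NS) is None:
            findings.append("Assertion carries no Signature")
        name_id = assertion.find("saml:Subject/saml:NameID", NS)
        fmt = None if name_id is None else name_id.get("Format")
        if fmt != expected_format:
            findings.append("NameID Format is %r" % fmt)
    return findings

if __name__ == "__main__":
    print(check_response(SAMPLE, PREFIX + "1.1:nameid-format:unspecified"))
```

Pass `response_signed=False` if your deployment signs only the assertion.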