Configuring IdentityIQ for SAML-based SSO - PingDirectory - PingFederate

Use Cases

Use IdentityIQ's settings to configure SAML-based single sign-on (SSO).

  1. From the IdentityIQ Administration console settings menu (beneath the wrench icon), select Global Settings.
  2. From the Global Settings menu, select Login Configuration.
  3. Click the SSO Configuration tab and select the Enable SAML-based single sign-on (SSO) checkbox.
  4. Enter the SAML-based SSO settings.
    Identity Provider Settings

    | Field | Description |
    | --- | --- |
    | EntityID / Issuer | The PingFederate SAML 2.0 Entity ID or Virtual Server ID. |
    | SSO Login URL | The PingFederate IdP SSO endpoint. The default value is https://<domain>:9031/idp/SSO.saml2. |
    | Public X.509 Certificate | The public certificate used in the PingFederate IdentityIQ SP connection. |

    SP Provider (IdentityIQ) Settings

    | Field | Description |
    | --- | --- |
    | EntityID / Issuer | The Partner's IdentityIQ/Connection ID set up in the PingFederate SP. |
    | SAML URL (ACS) | The IdentityIQ application URL, /identityiq/home.jsf. |
    | SAML Binding | The HTTP method configured in the PingFederate SP connection. |
    | SAML Name ID Format | The SAML Name ID Format configured in the PingFederate SP connection. |
    | SAML Correlation Rule | The correlation rule in IdentityIQ. The default value is IdentityNowSAML. |
  5. Click Save.

    After configuration, the default IdentityIQ login page redirects to the PingFederate identity provider (IdP). If you are required to authenticate to IdentityIQ directly, use the following URL: https://<domain>/identityiq/login.jsf?prompt=true.