Configuring PingOne for Enterprise SSO with PingFederate Bridge as the identity repository

To enable PingOne for Enterprise single sign-on (SSO) using PingFederate Bridge as a new identity repository, use the PingFederate administrative console and the PingOne for Enterprise admin portal. To integrate PingOne for Enterprise SSO with an existing PingFederate configuration, see Connecting to PingOne for Enterprise after initial setup.

Components

  • PingOne for Enterprise

  • PingFederate Bridge (available through PingOne for Enterprise)

Before you begin

You must have:

  • A PingOne for Enterprise admin portal account

  • An instance of PingFederate Bridge

Connecting PingFederate Bridge to PingOne for Enterprise through the PingOne for Enterprise admin portal

Connect PingOne for Enterprise SSO to PingFederate Bridge through the PingOne for Enterprise admin portal.

About this task

You can also connect PingOne for Enterprise SSO to PingFederate Bridge through PingFederate Bridge. To connect to PingOne for Enterprise SSO through the PingOne for Enterprise admin portal:

Steps

  1. In the PingOne for Enterprise admin portal, click Setup.

  2. On the Identity Repository tab, click Connect to an Identity Repository.

    If you have previously configured an identity repository, Change Identity Repository appears. Contact support about changing your identity repository or making changes to your existing PingFederate identity repository configuration because making changes affects your PingOne for Enterprise configuration.

  3. From the Connect to an Identity Repository menu, select PingFederate. Click Next.

  4. Select No, and click Next.

    To integrate with an existing PingFederate implementation, see PingOne for Enterprise.

  5. To choose your server platform, follow the on-screen instructions.

  6. To download PingFederate Bridge, follow the on-screen instructions.

  7. To install and configure PingFederate Bridge, follow the on-screen instructions.

  8. In the PingFederate administrative console, review the license agreement. Click Accept.

  9. In the PingOne for Enterprise admin portal, from the Complete Quick Start section, copy the activation key.

    Screen capture of the Complete Quick Start section. The Activation Key field is highlighted with a red box. Below the activation key field reads: To connect to your account, copy this unique activation key into when prompted. This is a single-use activation key. A new key will be generated for each session.

  10. In the PingFederate administrative console, click Yes, Connect to PingOne for Enterprise.

  11. In the Activation Key field, paste the activation key you copied from the PingOne for Enterprise admin portal.

    Screen capture of the Yes, Connect to section. The Activation Key field is highlighted with a red box. Text reads To connect this node to your account, enter your activation key. A link below reads Sign on to PingOne to get your activation key.

  12. Click Next.

    Result:

    The PingFederate administrative console displays the Identities section.

  13. Proceed to Configuring PingOne for Enterprise SSO with PingFederate Bridge.

Connecting PingFederate Bridge to PingOne for Enterprise through PingFederate Bridge

Connect PingOne for Enterprise SSO to PingFederate Bridge through PingFederate Bridge.

About this task

You can also connect PingOne for Enterprise SSO to PingFederate Bridge through the PingOne for Enterprise admin portal. To connect to PingOne for Enterprise SSO through PingFederate Bridge:

Steps

  1. Install PingFederate from the Ping Identity Downloads Page.

  2. To start the PingFederate server in Linux, run the following script.

    <YOUR PING FEDERATE DIRECTORY>/pingfederate/bin/run.sh

    In Windows, the server starts automatically after installation.

  3. Open the PingFederate administrative console.

    1. Open a browser and enter https://<Your Server Domain>:9999/pingfederate/app.

      <Your Server Domain> is your fully qualified domain name (FQDN).

    2. To proceed, review the license agreement. Click Accept.

  4. Click Yes, Connect to PingOne for Enterprise.

  5. Click Sign on to PingOne to get your activation key and enter your credentials to sign on.

    A screen capture of the Yes, Connect to section. The link reading Sign on to PingOne to get your activation key is highlighted with a red box. Above the link the text reads To connect this node to your account, enter your activation key.

    Result:

    The admin portal displays the activation key.

  6. Copy the activation key from the PingOne for Enterprise admin portal to your clipboard.

    A screen capture of the PingOne admin portal Activation Key field. The field is highlighted with a red box and contains sample key text.

  7. In the PingFederate administrative console, in the Activation Key field, paste the key value.

    Screen capture of the Yes, Connect to section. The Activation Key field is highlighted with a red box. Text reads To connect this node to your account, enter your activation key. A link below reads Sign on to PingOne to get your activation key.

  8. Click Next.

    Result:

    The PingFederate administrative console displays the Identities section.

  9. Proceed to Configuring PingOne for Enterprise SSO with PingFederate Bridge.

Configuring PingOne for Enterprise SSO with PingFederate Bridge

About this task

To configure PingOne for Enterprise SSO with PingFederate Bridge as the identity repository:

Steps

  1. From the PingFederate Bridge administrative console Identities section, select Yes, Connect a Directory Server.

  2. Enter the information that is appropriate for your directory server in the following fields.

    Fields and their descriptions:

      • Directory Type: Select the type of directory server from the list.

      • Data Store Name: Enter the name of the datastore.

      • Hostname: Enter the fully qualified domain name (FQDN) for your directory server.

      • Service Account DN: Enter the distinguished name (DN) of the service account that PingFederate Bridge can use to communicate with the directory server.

      • Password: Enter the password associated with the service account.

      • Search Base: Enter the DN of the location in the directory where PingFederate Bridge begins its datastore queries.

      • Search Filter: Specify how the username provided by a user at sign-on is mapped to an attribute in your directory. The default value is either sAMAccountName=${username} or uid=${username}, depending on the selected directory type. If you require a more advanced search filter, enter the value in the following format: <Your attribute Name>=${username}. For more information, consult your directory administrators.

  3. Click Next.

    If your directory server is SSL-enabled and presents an untrusted certificate, PingFederate Bridge prompts you to upload the server’s certificate. Click Choose Certificate, select the appropriate certificate, and click Next.

  4. In the Use Cases section, select the PingOne SSO check box, leaving the Additional SSO Features check box unselected. Click Next.

  5. In the Basic Information section, in the Base URL field, enter https://<Your Server Domain>:9031.

    <Your Server Domain> is your FQDN.

  6. Click Next.

  7. In the Confirmation section, review your configuration. To apply the configuration to PingFederate Bridge, click Next.

  8. Click Done.

Result

PingOne for Enterprise SSO, using PingFederate Bridge as the identity repository, is enabled for your PingOne for Enterprise applications.
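
The Search Filter field in step 2 maps the sign-on name onto one directory attribute. The following added example (not Ping Identity code and not part of the original page) checks that a custom template follows the <Your attribute Name>=${username} format and shows the filter a directory would receive for a given sign-on name. It assumes the RFC 4515 string form of the filter and that the username is escaped before substitution; how PingFederate Bridge performs the substitution internally is not described on this page, and the function names are hypothetical.

```python
import re

# RFC 4515 section 3: characters that must be written as \XX inside a filter value
# so the directory treats them as literal text rather than filter syntax.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# The page's format: <attribute name>=${username}. The attribute name pattern
# (letter first, then letters, digits or hyphens) follows RFC 4512.
_TEMPLATE_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)=\$\{username\}$")


def escape_filter_value(value: str) -> str:
    """Escape a sign-on name for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template: str) -> str:
    """Return the attribute name if the template matches <attr>=${username}."""
    match = _TEMPLATE_RE.match(template.strip())
    if match is None:
        raise ValueError(f"not in <attribute>=${{username}} form: {template!r}")
    return match.group(1)


def render_filter(template: str, username: str) -> str:
    """Expand the template into the parenthesized RFC 4515 filter string."""
    attribute = check_template(template)
    if not username:
        raise ValueError("sign-on name is empty")
    return f"({attribute}={escape_filter_value(username)})"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    samples = [
        ("sAMAccountName=${username}", "jdoe"),
        ("uid=${username}", "j*doe"),
        ("mail=${username}", "jdoe@example.com"),
    ]
    for template, name in samples:
        print(f"{template:30} {name:20} -> {render_filter(template, name)}")
    try:
        check_template("uid=${user}")  # wrong placeholder name
    except ValueError as err:
        print("rejected:", err)
```

A sign-on name should resolve to exactly one entry under the Search Base, so the attribute chosen for a custom filter should be one that is unique per user in your directory.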