Configuring IdentityIQ for SAML-based SSO
Use IdentityIQ’s settings to configure SAML-based single sign-on (SSO).
Steps
- From the IdentityIQ Administration console settings menu, select Global Settings.
- From the Global Settings menu, select Login Configuration.
- Click the SSO Configuration tab and select the Enable SAML-based single sign-on (SSO) checkbox.
- Enter the SAML-based SSO settings.

Identity Provider Settings

Field | Description |
---|---|
EntityID / Issuer | The PingFederate SAML 2.0 Entity ID or Virtual Server ID. |
SSO Login URL | The PingFederate IdP SSO endpoint. The default value is https://<domain>:9031/idp/SSO.saml2. |
Public X.509 Certificate | The public certificate used in the PingFederate IdentityIQ SP connection. |

SP Provider (IdentityIQ) Settings

Field | Description |
---|---|
EntityID / Issuer | The Partner’s IdentityIQ/Connection ID set up in the PingFederate SP. |
SAML URL (ACS) | The IdentityIQ application URL, /identityiq/home.jsf. |
SAML Binding | The HTTP method configured in the PingFederate SP connection. |
SAML Name ID Format | The SAML Name ID Format configured in the PingFederate SP connection. |
SAML Correlation Rule | The correlation rule in IdentityIQ. The default value is IdentityNowSAML. |

- Click Save.
After configuration, the default IdentityIQ login page redirects to the PingFederate identity provider (IdP). If you are required to authenticate to IdentityIQ, use the following URL: https://<domain>/identityiq/login.jsf?prompt=true.
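
A pre-flight check for the values in the two settings tables, run before they are entered in the SSO Configuration tab. This is an added example, not SailPoint or Ping Identity code; the dictionary key names, hostnames, entity IDs and certificate body are constructed placeholders, and requiring https on the ACS URL is this example's assumption.

```python
import base64, hashlib, re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
NAMEID_RE = re.compile(r"^urn:oasis:names:tc:SAML:(1\.1|2\.0):nameid-format:\w+$")

# Constructed sample values: hostnames, entity IDs and the certificate body are placeholders.
SAMPLE = {
    "idp_entity_id": "pf.example.com",
    "sso_login_url": "https://pf.example.com:9031/idp/SSO.saml2",
    "idp_certificate": "-----BEGIN CERTIFICATE-----\nMIIDazCCAlOgAwIBAgIUQ29uc3RydWN0ZWRTYW1wbGVPbmx5\n"
                       "-----END CERTIFICATE-----\n",
    "sp_entity_id": "identityiq-sp",
    "acs_url": "https://iiq.example.com/identityiq/home.jsf",
    "name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}

def cert_fingerprint(pem):
    """SHA-256 of the DER bytes, for out-of-band comparison with the PingFederate certificate."""
    if "PRIVATE KEY" in pem:
        raise ValueError("private key material pasted into the public certificate field")
    blocks = PEM_RE.findall(pem)
    if len(blocks) != 1:
        raise ValueError("expected exactly one PEM certificate, found %d" % len(blocks))
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if not der.startswith(b"\x30"):  # X.509 DER begins with an ASN.1 SEQUENCE tag
        raise ValueError("decoded data does not look like DER")
    return hashlib.sha256(der).hexdigest()

def check_settings(s):
    """Return a list of problems; an empty list means the values passed these checks."""
    problems = []
    sso = urlsplit(s["sso_login_url"])
    if sso.scheme != "https" or not sso.hostname:
        problems.append("SSO Login URL must be an absolute https URL")
    acs = urlsplit(s["acs_url"])  # requiring https here is this example's assumption
    if acs.scheme != "https" or not acs.path.endswith("/identityiq/home.jsf"):
        problems.append("SAML URL (ACS) must be https and end in /identityiq/home.jsf")
    if not NAMEID_RE.match(s["name_id_format"]):
        problems.append("SAML Name ID Format is not a SAML nameid-format URN")
    problems += [k + " is empty" for k in ("idp_entity_id", "sp_entity_id") if not s[k].strip()]
    try:
        cert_fingerprint(s["idp_certificate"])
    except ValueError as exc:
        problems.append("Public X.509 Certificate: %s" % exc)
    return problems

if __name__ == "__main__":
    print(check_settings(SAMPLE), cert_fingerprint(SAMPLE["idp_certificate"]))
```

The fingerprint is independent of how the PEM body is line-wrapped, so it can be compared with one computed from the certificate file exported for the PingFederate SP connection.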