---
title: Configuring SSO and SCIM for Uber for Business
description: To set up single sign-on (SSO) for administrators and coordinators in your organization, create an SP connection in PingFederate and then work with your sales manager or business API support agent to enable SSO.
component: solution-guides
page_id: solution-guides:single_sign-on_use_cases:htg_uber_sso_scim_overview
canonical_url: https://docs.pingidentity.com/solution-guides/single_sign-on_use_cases/htg_uber_sso_scim_overview.html
revdate: December 14, 2023
page_aliases: ["single_sign-on_use_cases:htg_uber_config_sso.adoc", "single_sign-on_use_cases:htg_uber_config_scim.adoc"]
section_ids:
  before-you-begin: Before you begin
  configuring-sso: Configuring SSO
  about-this-task: About this task
  steps: Steps
  result: Result:
  configuring-scim: Configuring SCIM
  about-this-task-2: About this task
  steps-2: Steps
---

# Configuring SSO and SCIM for Uber for Business

To set up single sign-on (SSO) for administrators and coordinators in your organization, create an SP connection in PingFederate and then work with your sales manager or business API support agent to enable SSO.

Then, configure PingFederate for System for Cross-domain Identity Management (SCIM) with the service provider (SP) connection that you created.

## Before you begin

Ensure that PingFederate is correctly installed and configured. For more information, see the following:

* [Installing PingFederate](https://docs.pingidentity.com/pingfederate/latest/installing_and_uninstalling_pingfederate/pf_installing_pf.html)

* [Setting up PingFederate](https://docs.pingidentity.com/pingfederate/latest/getting_started_with_pingfederate/pf_setting_up_pf.html)

* [Specifying federation information](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_protocolsettingstasklet_federationinfostate.html)

  |   |                                                                                                                                                    |
  | - | -------------------------------------------------------------------------------------------------------------------------------------------------- |
  |   | Ensure that the SAML 2.0 entity ID is specified. This ID is usually defined as an organization's URL or a DNS address, such as `pingidentity.com`. |

* [Manage digital signing certificates and decryption keys](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_certmanagementtasklet_dsigsigningcert_certmanagementstate.html)

* [Datastores](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_managedatasourcestasklet_managedatasourcesstate.html)

* [Password credential validators](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_passwordcredentialvalidatortasklet_passwordcredentialvalidatormgmtstate.html)

* [HTML Form Adapter](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_html_form_adapt.html)

## Configuring SSO

### About this task

Start by creating an SP connection in PingFederate.

### Steps

1. Go to **Applications → SP Connections** and click **Create Connection**.

2. Ensure that **Do not use a template for this connection** is selected. Click **Next**.

3. On the **Connection Template** tab, select **Browser SSO Profiles** and the **SAML 2.0** protocol. Click **Next**.

4. On the **Connection Options** tab, ensure that **Browser SSO** is selected. Click **Next**.

5. On the **Import Metadata** tab, ensure that **None** is selected. Click **Next**.

6. On the **General Info** tab, in the **Partner's Entity ID** and **Connection Name** fields, enter `uber.com`. Click **Next**.

7. On the **Browser SSO** tab, click **Configure Browser SSO**.

   1. On the **SAML Profiles** tab, select both **IdP-Initiated SSO** and **SP-Initiated SSO**. Click **Next**.

   2. On the **Assertion Lifetime** tab, specify the number of minutes for which the assertion will be valid before and after it's issued. Click **Next**.

   3. On the **Assertion Creation** tab, click **Configure Assertion Creation**.

      1. On the **Identity Mapping** tab, ensure that **Standard** is selected. Click **Next**.

      2. On the **Attribute Contract** tab, set **SAML\_SUBJECT** to `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`. Click **Next**.

   4. On the **Authentication Source Mapping** tab, select **Map New Adapter Instance**.

      1. On the **Adapter Instance** tab, click **Manage Adapter Instances** and then click **Create New Instance**.

      2. On the **Type** tab, enter a unique name and ID (with no spaces) for the adapter, select **HTML Form IdP Adapter** from the **Type** field. Click **Next**.

      3. On the **IdP Adapter** tab, click **Add a new row to Credential Validator**, select the type of validator that you use for your datastore from the list, and click **Update**. Click **Next** at the bottom of the page.

      4. Click **Next** on the **Extended Contract** tab.

      5. On the **Adapter Attributes** tab, in the **Pseudonym** column, select **username**. Click **Next**.

      6. On the **Adapter Contract Mapping** tab. Click **Next** and then click **Save** at the bottom of the page.

         The identity provider (IdP) adapter that you just created displays in the list of available adapters.

      7. Click **Done**.

   5. On the **Adapter Instance** tab, select the instance that you just created. Click **Next**.

      1. Ensure that the **Use Only the Adapter Contract Values in the SAML Assertion** option is selected. Click **Next**.

      2. On the **Attribute Contract Fulfillment** tab, in the **Source**list, select **Adapter**, and in the **Value** list, select **username**. Click **Next**.

      3. On the**Issuance Criteria** tab, click**Next**.

      4. On the **Summary** tab, click **Done**.

   6. On the **Authentication Source Mapping** tab, click **Next**.

   7. On the **Summary** tab, click **Done**.

   8. On the **Assertion Creation** tab, click **Next**.

   9. On the **Protocol Settings** tab, click **Configure Protocol Settings**.

      1. In the **Binding** list, select **Post**.

      2. In the **Endpoint URL** field, enter `https://auth.uber.com/v2/saml/acs/`.

      3. Click **Add**. Click **Next**.

      4. On the **Allowable SAML Bindings** tab, deselect **Artifact** and **SOAP**. Click **Next**.

      5. On the **Signature Policy** tab and the **Encryption Policy** tab, click **Next**.

      6. On the **Summary** tab, click **Done**.

         You return to the **Browser** SSO tab.

8. Click **Next**.

9. On the **Credentials** tab, click **Configure Credentials** and select your signing certificate in the **Signing Certificate** list. Click **Next** and then click **Done**.

10. On the **Credentials** tab, click **Next**.

11. On the **Activation and Summary** tab, click **Save**.

    #### Result:

    The SP connection you just created displays in the list of available SP connections.

## Configuring SCIM

### About this task

Next, configure PingFederate for SCIM using the SP connection that you created:

### Steps

1. Download the SCIM Provisioner files and deploy them to your PingFederate directory.

   See [Deploying the integration files](https://docs.pingidentity.com/integrations/scim/setup/pf_scim_connector_deploying_the_integration_files.html) for instructions.

2. In PingFederate, go to the **SP Connections** page.

3. Select the SP connection that you created for SSO and click the **Connection Type** tab.

4. Select the **Outbound Provisioning** option, then in the **Type**list, select **SCIM Connector**. Click **Next**.

5. Click **Next** until you reach the **Outbound Provisioning** tab. Click **Configure Provisioning**.

6. Create a SCIM app, obtain the SCIM Base URL, and enter it in the **SCIM URL** field.

   See the [Custom SCIM app](https://developer.uber.com/docs/scim/idp/custom) instructions in the Uber Developers Guide for details.

7. In the **Authentication Method** field, select **OAuth 2.0 Bearer Token**.

8. In the **Access Token** field, enter the access token.

   Generate this token from your app on developer.uber.com.

9. Click **Next**.

10. On the **Manage Channels** tab, create a new channel:

    1. In the **Channel Name**field, enter a unique name for the channel.

    2. In the **Source** list, select your datastore.

    3. In the **Source Location** field, enter the base DN (CN=Users, DC=domain, DC=com).

    4. In the **Filter** field, enter the filters that you want to use to provision users or groups. For example, you can enter `objectClass=user` to provision all users and `objectClass=groups` to provision all user groups.

    5. On the **Activation and Summary** tab, switch the channel to **Active**.

11. Enable SCIM for your organization account on the Uber platform.

    See [Onboarding to SCIM Provisioning](https://developer.uber.com/docs/scim/introduction) in the Uber Developers Guide for details.