Configuring Ping Identity Single Sign-On Integration with SAML
This guide shows you how to configure Ping Identity and Acunetix Premium+ for Single Sign-On.
Ping Identity provides federated identity management and intelligent access so users can connect securely to the cloud, mobile, and on-premises applications. The platform uses adaptive authentication and SSO for single-click access to all apps. This prevents security breaches and helps with the management of sensitive data.
How to configure Ping Identity with SAML
There are two parts to this procedure:
How to add an application to Ping Identity
- Log in to your Ping Identity account.
- From the main menu, select Connections > Applications.
- From the Applications page, select the + (plus) sign.
- Enter your application name, then select SAML Application. (For this example, the application's name is Acunetix.)
- Select Configure when available after selecting the SAML Application.
- From the SAML Configuration, select Manually Enter.
- Open a new tab and log in to Acunetix.
- From the Acunetix menu, select Settings > Users & Access > SSO.
- Turn on the Enable SSO toggle.
- Select PingIdentity from the SSO Provider drop-down list.
- Copy the SAML 2.0 Service URL from Acunetix and paste it into the ACS URLs field in your Ping Identity account.
- Copy the Identifier from Acunetix and paste it into the Entity ID field in Ping Identity.
- Click Save.
You have now added Acunetix to your Ping Identity account. Next, you need to configure the Ping Identity integration to enable Single Sign-On.
How to configure Ping Identity Single Sign-On with SAML
- From the Applications page, select Acunetix.
- Turn on the toggle next to Acunetix.
- Select Acunetix.
- Select the Attribute Mappings tab, then edit (the pencil icon).
- For the saml_subject attribute, select Email Address from the PingOne Mappings drop-down.
- Click + Add.
- Add FirstName to the Attributes field and choose Given Name from the PingOne Mappings drop-down.
- Click + Add.
- Add LastName to the Attributes field and choose Family Name from the PingOne Mappings drop-down.
- Click Save.
- Select the Configuration tab, then edit (the pencil icon).
- Choose the Sign Assertion & Response option.
- Click Save.
- From the Connection Details, do the following:
- Copy the Issuer ID information, switch to the Acunetix tab, and paste the ID information into the Idp Identifier field.
- Copy the Single Signon Service URL, switch to the Acunetix tab, and paste it into SAML 2.0 Endpoint field.
- Click Download Signing Certificate to download the certificate (X509 PEM (.crt).)
- Go to your download location and open the certificate with a text editor.
- Copy the X.509Certificate information, switch to the Acunetix tab, and paste it into the X.509 Certificate field.
- Click to toggle to enable the configuration in Ping Identity.
- In Acunetix, if you select Require encrypted assertions, do one of the following:
- Select Generate a new certificate for me; OR
- Select I have an existing certificate, then upload your certificate and enter the certificate password.
IMPORTANT: Selecting Require encrypted assertions will require applying additional settings in Ping Identity. For instructions, refer to How to configure encrypted assertions in Ping Identity. |
- From the Acunetix SSO Exemptions drop-down, you can select specific users to exempt them from SSO. Doing this means the selected users can log in to Acunetix via password.
- Click Save on the Acunetix tab to complete the integration.
Acunetix informs you that the SSO configuration is saved.
How to configure encrypted assertions in Ping Identity
- Log in to your Ping Identity account.
- From the main menu, select Applications.
- From the Applications page, select Acunetix.
- Select the Configuration tab.
- Click the checkbox next to Enable Encryption.
- In the Certificate section, select Import, then click Choose File.
- Select your certificate file from step 9 above, then click Save.