Setting Up Ping Identity SAML Authentication

Ping Identity provides enterprise services, including SSO using the SAML protocol.

To use Ping Identity to authenticate users in the Akeyless Vault Platform, you need to set up Akeyless as an application in the Ping Identity Platform. You can then create a SAML authentication method in Akeyless for Ping Identity.


Prerequisites

In order to use Ping Identity SAML authentication for the Akeyless Vault Platform, you must have an Akeyless account and a Ping Identity account (either a trial account or a regular account with enterprise SSO support).

Set up an Application in the Ping Identity Platform

  1. Log in to PingOne, and go to Applications > Add Application > New SAML Application.

  2. On the Application Details page, define the application name, description, and category, then select Continue to Next Step.

  3. On the Application Configuration page, select I have the SAML configuration, then download the SAML metadata.

Keep this information, as you will need to add this metadata when you set up the SAML authentication method in Akeyless.

  4. Upload the Akeyless metadata from https://auth.akeyless.io/saml/metadata.

  5. Once the metadata has uploaded, configuration information appears. Ensure that:

    • Assertion Consumer Service (ACS): https://auth.akeyless.io/saml/acs
    • Entity ID: https://auth.akeyless.io/saml/metadata

  6. From the Signing options, select the Sign Assertion radio button, then select Continue to Next Step.

Do not make any other changes to the configuration settings.

  7. On the SSO Attribute Mapping page, select Add New Attribute, and add the following attribute settings:

    • Application Attribute: SAML_SUBJECT
    • Identity Bridge Attribute or Literal Value: Email

  8. Select Advanced, and, in the Name ID Format to send to SP field, select urn:oasis:names:tc:SAML:2.0:nameid-format:transient.

  9. Ensure that Identity Bridge Attribute or Literal Value is still set to Email, then select Save.

  10. If you plan on using sub-claims in Akeyless for better access control, provide an additional mapping to send more attributes to Akeyless. For example:

    • Application Attribute: email
    • Identity Bridge Attribute or Literal Value: [email protected]

  11. Select Continue to Next Step.

  12. Add the groups in your Ping Identity account to this application, then select Continue to Next Step and Finish.

Your new application appears in the list of available applications.

Create a SAML Authentication Method for Ping Identity

  1. Log in to the Akeyless Web Console, and go to Auth Methods > New > SAML.

  2. In the IDP XML Metadata field, add the XML metadata you downloaded when you set up Akeyless as a new application in Ping Identity.

If you don’t have the file, log back into PingOne and download the SAML metadata.

The authentication method should look similar to the following:

  3. Select Save.

You can now begin using this authentication method.
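The two metadata documents exchanged above (the Akeyless SP metadata uploaded to PingOne, and the PingOne IdP metadata pasted into Akeyless) are where most SAML misconfigurations hide. The following is an added example, not code from Akeyless or Ping Identity: it parses both documents with the standard library and reports whether they carry the values the steps above depend on (the ACS and Entity ID, a signing certificate for the signed assertion, and the transient NameID format). The sample XML is constructed here, including the placeholder certificate and the `idp.example.test` host.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Values the steps above require on the Akeyless (SP) side, and the NameID format chosen in PingOne.
EXPECTED_ENTITY_ID = "https://auth.akeyless.io/saml/metadata"
EXPECTED_ACS = "https://auth.akeyless.io/saml/acs"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def check_sp_metadata(xml_text):
    """Findings for the SP metadata uploaded to PingOne; an empty list means it matches."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("entityID") != EXPECTED_ENTITY_ID:
        findings.append(f"unexpected entityID: {root.get('entityID')}")
    acs = [e.get("Location") for e in root.iterfind("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    if EXPECTED_ACS not in acs:
        findings.append(f"ACS {EXPECTED_ACS} not advertised (found {acs})")
    return findings

def check_idp_metadata(xml_text):
    """Findings for the IdP metadata downloaded from PingOne and pasted into Akeyless."""
    idp = ET.fromstring(xml_text).find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["no IDPSSODescriptor: this is not IdP metadata"]
    findings = []
    # Akeyless verifies the signed assertion with the IdP's signing certificate, so one must be present.
    certs = [k for k in idp.iterfind("md:KeyDescriptor", NS) if k.get("use", "signing") == "signing"
             and k.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None]
    if not certs:
        findings.append("no signing certificate in metadata")
    if TRANSIENT not in [f.text for f in idp.iterfind("md:NameIDFormat", NS)]:
        findings.append("transient NameID format not advertised")
    return findings

# Constructed samples, not real metadata: SP mirrors the ACS/Entity ID above; IdP lacks the transient format.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="https://auth.akeyless.io/saml/metadata"><md:SPSSODescriptor WantAssertionsSigned="true"
 protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:AssertionConsumerService index="1"
 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://auth.akeyless.io/saml/acs"/></md:SPSSODescriptor></md:EntityDescriptor>"""
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/idp"><md:IDPSSODescriptor
 protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo>
<ds:X509Data><ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
</md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress</md:NameIDFormat>
</md:IDPSSODescriptor></md:EntityDescriptor>"""

if __name__ == "__main__":
    print("SP metadata:", check_sp_metadata(SP_METADATA) or "OK")
    print("IdP metadata:", check_idp_metadata(IDP_METADATA) or "OK")
```

Run it against the real files before pasting the IdP metadata into Akeyless; a finding on the SP side means the upload in PingOne did not produce the ACS and Entity ID the steps above expect.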
