Ping Identity SAML Authentication
Ping Identity provides enterprise services, including SSO using the SAML protocol.
To use Ping Identity to authenticate users in the Akeyless Platform, you need to set up Akeyless as an application in the Ping Identity Platform. You can then create a SAML authentication method in Akeyless for Ping Identity.
Prerequisites
In order to use Ping Identity SAML authentication for the Akeyless Platform, you must have an Akeyless account and a Ping Identity account (either a trial account or a regular account with enterprise SSO support).
Create a Ping Identity Application
- Log in to PingOne, and go to Applications > Add Application > New SAML Application.
- On the Application Details page, define the application name, description, and category, then select Continue to Next Step.
- On the SAML Configuration page, select Import from URL, and enter the Akeyless metadata URL:
  https://auth.akeyless.io/saml/metadata
- Once the metadata has been imported, the configuration it contains is displayed. Verify that:
  - Assertion Consumer Service (ACS): https://auth.akeyless.io/saml/acs
  - Entity ID: https://auth.akeyless.io/saml/metadata
- Under Signing options, select the Sign Assertion radio button, then select Continue to Next Step. The signature is what lets the service provider verify that the assertion, including the attributes mapped below, was issued by your Ping application and not altered in transit.
- On the Attribute Mapping tab, select Add New Attribute, and add the following attribute settings:
  - Application Attribute SAML_SUBJECT should be mapped to User ID.
  - Application Attribute Email should be mapped to Email Address.
- Edit your Application configuration, and in the SUBJECT NAMEID FORMAT field select urn:oasis:names:tc:SAML:2.0:nameid-format:transient. A transient NameID is an opaque, per-session value, which is why Akeyless identifies the user by the Email attribute rather than by the subject.
- Select Continue to Next Step.
- Add the groups in your Ping Identity account that should have access to this application, then select Continue to Next Step and Finish.
Your new application appears in the list of available applications.
Create a SAML Authentication Method
- Log in to the Akeyless Web Console, and go to Users & Auth Methods > New > SAML.
- In the IDP Metadata URL field, enter the IdP metadata URL from the Configuration tab of your Ping application.
- Set the Unique Identifier field to email.
Note
The Unique Identifier is an attribute key name, i.e. the name of the SAML attribute whose value identifies the user, not the value itself. For example,
- Click Finish.
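The two procedures above leave several settings to be checked by eye in the PingOne and Akeyless consoles: that the imported SP metadata really advertises the expected Entity ID and ACS, and that the assertion Ping issues is signed, uses a transient NameID, and carries the attribute named in the Unique Identifier field. The following Python script is an added example, not Akeyless or Ping code, that performs those checks offline against SP metadata and a SAML Response captured from the browser (for instance, the base64-decoded SAMLResponse form field). The XML samples embedded below are constructed to match the settings described on this page and are not real PingOne or Akeyless output; the script checks only that a Signature element is present on the Assertion, not that it verifies, since signature validation is the service provider's job, and it matches the attribute name to the Unique Identifier ignoring case, an assumption based on this page pairing Ping's "Email" with an Akeyless value of "email".

```python
# Added example (not Akeyless or Ping code): offline checks that SP metadata and a
# captured SAML Response match the Ping/Akeyless settings described on this page.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EXPECTED_ENTITY_ID = "https://auth.akeyless.io/saml/metadata"
EXPECTED_ACS = "https://auth.akeyless.io/saml/acs"

# Constructed SP metadata in the shape this page describes (not fetched from Akeyless).
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://auth.akeyless.io/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.akeyless.io/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed placeholder signature block; a real one carries SignedInfo, KeyInfo, etc.
SAMPLE_SIGNATURE = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
                    '<ds:SignedInfo/><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>'
                    '</ds:Signature>')

# Constructed SAML Response as Ping would issue it with the settings above (hypothetical issuer).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z" Destination="https://auth.akeyless.io/saml/acs">
  <saml:Issuer>https://auth.pingone.com/EXAMPLE-ENV-ID</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://auth.pingone.com/EXAMPLE-ENV-ID</saml:Issuer>
    {SAMPLE_SIGNATURE}
    <saml:Subject>
      <saml:NameID Format="{TRANSIENT}">_4f2c9a7e</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="Email">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_sp_metadata(xml_text):
    """Return mismatches between the SP metadata and the values this page says to verify."""
    root = ET.fromstring(xml_text)
    problems = []
    entity_id = root.get("entityID")
    if entity_id != EXPECTED_ENTITY_ID:
        problems.append(f"entityID is {entity_id!r}, expected {EXPECTED_ENTITY_ID!r}")
    acs = [e.get("Location") for e in root.iterfind(".//md:AssertionConsumerService", NS)]
    if EXPECTED_ACS not in acs:
        problems.append(f"ACS {EXPECTED_ACS!r} not advertised, found {acs}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None or sp.get("WantAssertionsSigned", "false").lower() != "true":
        problems.append("metadata does not request signed assertions (WantAssertionsSigned)")
    return problems


def check_response(xml_text, unique_identifier="email"):
    """Return mismatches between a captured SAML Response and the Ping settings above.

    Only the presence of a Signature on the Assertion is checked, not its validity;
    cryptographic verification is done by the service provider (Akeyless).
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != EXPECTED_ACS:
        problems.append(f"Destination is {root.get('Destination')!r}, expected the ACS")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no saml:Assertion in Response (missing or encrypted)"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion carries no Signature (Sign Assertion not selected?)")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    fmt = name_id.get("Format") if name_id is not None else None
    if fmt != TRANSIENT:
        problems.append(f"NameID Format is {fmt!r}, expected transient")
    attrs = {a.get("Name", ""): [v.text or "" for v in a.iterfind("saml:AttributeValue", NS)]
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    # Assumption: the attribute name is matched to the Unique Identifier ignoring case,
    # because this page pairs Ping's "Email" attribute with an Akeyless value of "email".
    match = [n for n in attrs if n.lower() == unique_identifier.lower()]
    if not match:
        problems.append(f"no attribute named {unique_identifier!r}; issued: {sorted(attrs)}")
    elif not any(attrs[match[0]]):
        problems.append(f"attribute {match[0]!r} has no value")
    return problems


if __name__ == "__main__":
    for label, probs in (("SP metadata", check_sp_metadata(SAMPLE_SP_METADATA)),
                         ("SAML Response", check_response(SAMPLE_RESPONSE))):
        print(label, "OK" if not probs else probs)
```

To use it against real data, replace SAMPLE_SP_METADATA with the body of the Akeyless metadata URL and SAMPLE_RESPONSE with a decoded SAMLResponse from a test login; a non-empty result names the Ping setting to revisit (Sign Assertion, the NameID format, or the attribute name the Unique Identifier field must match).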
Updated about 1 year ago