Improve this page on GitHub

PingID SSO via SAML

Setting up PingID SSO via SAML

Set up SSO for PingID using SAML in Codefresh.

NOTE
The configuration described here is for PingID SSO and not PingID Federate. The steps can be used as a general guide for Ping Federate.

For a general overview on SAML, see Setting up SAML2 Federated SSO.

NOTE
If you do not see SAML in the SSO list, please create a support ticket to enable SAML for your account.

Setting up SAML SSO for PingID includes:

  1. Configuring SSO settings for PingID via SAML in Codefresh
  2. Configuring SSO settings for Codefresh in PingID
  3. Completing SSO configuration for PingID in Codefresh

Step 1: Configure SSO settings for PingID via SAML in Codefresh

Configure SSO for PingID via SAML in Codefresh. The Assertion URL is automatically generated when you add the integration.

  1. In the Codefresh UI, from the toolbar click the Settings icon.
  2. In the sidebar, from Access & Collaboration, select Single Sign-On.
  3. Click Add single-sign-on, select SAML, and then click Next.
  4. Enter the connection details:
    • Display Name: Any arbitrary name for this integration.
    • IDP Entry: Type in any character. You will enter the correct value from PingID in the final step.
    • Application Certificate: Type in any character. You will enter the correct value from PingID in the final step.
    • Provider: Leave empty.
  5. Click Add. The SAML integration for PingID is added and appears in the list of SSOs.
  6. In the Single Sign-On page, click the Edit icon for the PingID SAML integration you created.
  7. Copy the Assertion URL (client ID) that was automatically generated when you added the integration.
  8. Continue with Step 2: Configure SSO settings for Codefresh in PingID.

Step 2: Configure SSO settings for Codefresh in PingID

  1. Log in to PingID and select the Environment.
  2. Select Connections > Applications.
  3. To add Codefresh as a new application, click +.
  4. Enter the Application Name and Description.
  5. Select SAML Application and then click Configure.
  6. Select Manually Enter and define the following:
    • ACS URL: The Assertion URL you copied from Codefresh.
    • Entity ID: g.codefresh.io.
  7. Click Save.
  8. Go to the Configuration tab.
  9. Download the X509 Certificate or Metadata.
  10. Click Attribute Mappings, and add the following mappings
    • email:Email address
    • firstName: Given name
    • lastName: Family name

    NOTE
    For PingID Federate, you must add the following mapping: NameID <- Email Address

  11. Toggle the Enable option to on to make the application available.
  12. Continue with Step 3: Complete SSO configuration for PingID in Codefresh.

Step 3: Complete SSO configuration for PingID in Codefresh

As the final step in configuring SSO for PingID, add the IDP Entry and Certificate values from PingID.

  1. IDP Entry: The IDP URL from the SSO tab in Jump Cloud.
  2. Application Certificate: Copy and paste the content between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from the certificate you downloaded into the field. You can also include the BEGIN and END lines.

    NOTE
    You will get a warning when editing the Certificate section.

  3. Click Save.

You have completed SSO integration for PingID via SAML in Codefresh.

Test SSO Connection

Now test the SSO with a test user in a different browser or private/incognito browser to make sure the integration works as it should.

  1. In the Codefresh UI, on the toolbar, click the Settings icon and then select Account Settings.
  2. From the sidebar, below Access & Collaboration, select Users & Teams.
  3. Locate a test user, and from the SSO list, select the integration name to enable SSO for that user.
  4. In a different browser or private/incognito browser window use the Corporate option to log in.

Federated Single Sign-On (SSO) overview
Setting up SAML2 Federated SSO
Common configuration for SSO providers