PingID SSO (SAML)
Setting Up PingID SSO via SAML
Setup Instructions
Below describes how to set up PingID SSO for Single Sign-On with Codefresh using SAML. If you do not have the SAML option, please create a support ticket to enable SAML for the account.
Note: This is for PingID SSO and not PingID Federate. Steps can be used as a general guide for Ping Federate.
In Codefresh
- Navigate to Account Settings > Single Sign-On
- Select Add Single Sign-on > SAML
- Fill in the following:
- Display Name: Whatever you want to call the integration
- IDP Entry: enter fake data
- Application Certificate: enter fake data
- Click Save as we need the information to be generated first before continuing.
- Click Edit
- Copy the Assertion URL that is now displayed
In PingID SSO
- Log into PingID and select the Environment
- Go to connections > Applications
- Click the + to add an application
- The name and description are to be whatever you want.
- Select SAML Application
- Click Configure
- Select Manually Enter
- ACS URL: the Assertion URL we copied from Codefresh
- Entity ID: g.codefresh.io
- Click Save
- Go to the Configuration Tab
- Download X509 Certificate or Metadata
- Click on Attribute Mappings
- Add the following mappings
- email <- Email Address
- firstName <- Given Name
- lastName <- Family Name
- Toggle the Enable option to make this app available
Note: For PingID Federate you will need to add the follwing mapping: NameID <- Email Address
Back In Codefresh
- We are going to fill in the fields with the PingID SSO Information
- IDP Entry: this will be the will be the Single Signon Service URL in PingID SSO
- Application Certificate: Copy and paste the information for the Certificate
- Note: you will get a warning when editing the Certificate section
- You can use with or without the
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
as long the Certificate data is there
- Click Save
Test SSO Connection
Now test the SSO with a test user in a different browser or private/incognito browser to make sure it is working
- Go to Account Settings > User & Teams
- Locate a test user
- On the SSO Column, select the SSO name to enable SSO for the user
- In a different browser or private/incognito browser window use the Corporate option to log in