ADFS Integration with PingOne
Register for PingOne and log in for the first time. Check your email to confirm the registered address, then click “Finish your Setup” to begin configuring an Identity Bridge.
Choose an Identity Bridge from the list. For ADFS, you will need to select “3rd-party SAML.”
Under the "CONFIGURE YOUR IDP CONNECTION" heading, choose the “Download PingOne Metadata” link to download the metadata for PingOne. This file will be called “pingone-metadata-sp.xml” and will be imported into ADFS in a later step.
The next steps will configure the ADFS IDP side. Launch the ADFS 2.0 console.
Under “Trust Relationships > Relying Party Trusts”, add a new Relying Party Trust. This will launch a wizard.
The first step is to import the PingOne metadata file (pingone-metadata-sp.xml) downloaded above.
Give the connection a name (e.g., PingOne).
Choose the issuance authorization rules (e.g., “Permit all users to access this relying party”). Note that this option lets every user who can authenticate to ADFS obtain a token for PingOne; if access should be limited, use an issuance authorization rule that permits only members of a specific Active Directory group instead.
Click “Next” to review the summary and complete the wizard.
Leave the “Open the Edit Claim Rules…” option selected and finish the wizard.
This will launch the “Edit Claim Rules” configuration utility.
This example gathers claims only from Active Directory to present to PingOne.
Configure a basic claim set. The four attributes shown are required by PingOne, but the source values may differ for your organization (e.g., you may use the email address rather than sAMAccountName as the Name ID).
After configuring the claims, back in the ADFS 2.0 Relying Party Trusts window, right-click the PingOne connection and open its properties. Browse to the Encryption tab and click “Remove” to drop the encryption certificate that was imported from the PingOne metadata. ADFS will then sign the SAML assertion but not encrypt it; its confidentiality in transit rests on the HTTPS POST from the browser to PingOne.
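The ADFS-side steps above, scripted with the ADFS 2.0 PowerShell snap-in as an added example that is not part of this article. It assumes the PingOne metadata was saved to C:\Temp\pingone-metadata-sp.xml, names the trust “PingOne”, and uses a placeholder group SID for the optional group-restricted authorization rule; the claim set matches the four attributes described (Name ID from sAMAccountName, Group, given name and surname), and the federation metadata path at the end is the standard ADFS endpoint with the server name left as a placeholder.

```powershell
# Added example (not from the PingOne KB article): the ADFS 2.0 side of the procedure above.
# Assumptions: PingOne metadata saved to C:\Temp\pingone-metadata-sp.xml, trust named "PingOne",
# $allowedGroupSid is a placeholder. Run in an elevated PowerShell session on the ADFS 2.0 server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue   # ADFS 2.0 ships its cmdlets as a snap-in

$trustName    = "PingOne"
$metadataFile = "C:\Temp\pingone-metadata-sp.xml"   # downloaded from the PingOne console ("Download PingOne Metadata")

# Step 1: create the Relying Party Trust from the PingOne SP metadata.
# Entity ID, assertion consumer URL and certificates are read from the file.
Add-ADFSRelyingPartyTrust -Name $trustName -MetadataFile $metadataFile

# Step 2: issuance authorization. "Permit all", as in the article: every authenticated AD user may reach PingOne.
$permitAll = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# Tighter alternative: permit only members of one AD group (placeholder SID, replace with your group's SID).
$allowedGroupSid = "S-1-5-21-<domain>-<rid>"
$permitGroup = @"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$allowedGroupSid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# Step 3: the claim set the article configures, read from Active Directory in one LDAP query.
# Replace sAMAccountName with mail if PingOne should receive the e-mail address as the Name ID.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "AD attributes for PingOne"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "http://schemas.xmlsoap.org/claims/Group",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
          query = ";sAMAccountName,tokenGroups,givenName,sn;{0}",
          param = c.Value);
'@

# Use $permitGroup instead of $permitAll to restrict access to the group above.
Set-ADFSRelyingPartyTrust -TargetName $trustName `
    -IssuanceAuthorizationRules $permitAll `
    -IssuanceTransformRules $transformRules

# Step 4: remove the encryption certificate imported from the PingOne metadata (the article's Encryption tab step).
# ADFS then signs the assertion but does not encrypt it. Keeping the certificate and setting
# -EncryptClaims $false has the same effect on the wire.
Set-ADFSRelyingPartyTrust -TargetName $trustName -EncryptionCertificate $null

# Check: confirm the rules took effect and no encryption certificate remains before moving to the PingOne console.
Get-ADFSRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, EncryptionCertificate, IssuanceAuthorizationRules, IssuanceTransformRules |
    Format-List

# The Federation Metadata that PingOne asks for in the next step is served by ADFS at its standard path.
$adfsHost = "<ADFS server name>"   # placeholder, as in the article
"https://$adfsHost/FederationMetadata/2007-06/FederationMetadata.xml"
```

The check at the end is worth running before leaving the server: an empty EncryptionCertificate together with the expected transform rules confirms that the GUI steps (or this script) produced the trust configuration the PingOne side expects.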
That completes the ADFS configuration. Next, go back into the PingOne console and complete the configuration of the Identity Bridge.
In the Identity Bridge configuration page in PingOne titled “Configure the Connection at PingOne”, upload the Federation Metadata from the ADFS server.
The Federation Metadata can be found at:
<ADFS server name>
If your ADFS server is reachable from the public Internet, choose the “Or use URL” link so PingOne downloads the metadata from your ADFS server directly. Otherwise, download the XML file and upload it.
Once the metadata is imported, choose POST as the binding type and choose Save Configuration to commit the changes.
A message is displayed indicating that the SAML configuration was successful. Next, configure the PingOne Dock. Click the "Dock Configuration" tab at the top of the page, then check "Show advanced settings."
Scroll to the bottom of the PingOne Dock configuration page and configure the attribute mappings:
memberOf – http://schemas.xmlsoap.org/claims/Group
fname – http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
lname – http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Click “Save changes” when complete.
That’s it! Access the PingOne Dock URL found on the main Dashboard page of the PingOne console to test SSO.