Set up PingOne as an identity provider

Before you begin

You need to have a functional Ping server with administrator privileges or a Ping account with administrator privileges.

To integrate PingOne Identity service as an IdP in ​SIA​:

  1. Connect a directory to PingOne.

  2. Create an ​Akamai​ Enterprise IdP application in the PingOne identity service.

  3. Add PingOne as an identity provider.

  4. Download and deploy an identity connector. For more information, see Create and download an identity connector.

  5. Add a directory to ​SIA​. As part of this process, make sure you assign the identity connector you created to the directory. For more information, see Add a directory.

  6. Assign the directory to the PingOne IdP. For more information, see Assign directory to the PingOne identity provider.

  7. If this is the first PingOne IdP that you are creating in ​SIA​, add domains that are specific to the PingOne Identity service to an exception list. For more information, see Add identity provider domains to an exception list.

Connect a directory to PingOne

This process synchronizes users and groups from the directory to PingOne.

To connect a directory to PingOne:

  1. Log in to the PingOne admin service: https://admin.pingone.com/web-portal/login.

  2. In the navigation menu, select Setup > Identity Repository.

  3. Click Connect to an Identity Repository.

  4. Select the service that your enterprise uses, and click Next.

  5. Complete the steps that PingOne requires for the selected directory services. For detailed instructions, see the PingOne documentation.

Next steps

Create an ​Akamai​ Enterprise IdP application in the PingOne identity service

Create an ​Akamai​ Enterprise IdP application in the PingOne identity service

To integrate your Ping user directory, create an ​Akamai​ Enterprise IdP application in the PingOne Identity service, then add your users to this application:

  1. In the PingOne navigation menu, click the Applications tab.

  2. Click Add Application and select New SAML Application from the menu.

  3. In the Application Name field, enter a name for the application.

  4. In the Application Description field, enter a description for the application. You cannot hide the application from your users. As a result, you might want to state that this application is intended for internal or administrative use only.

  5. In the Category menu, select a category.

  6. Click Continue to Next Step.

  7. Enter these settings for the I have the SAML configuration option:

    Note: You can leave the Single Logout Endpoint and Single Logout Response Endpoint fields blank. You can also leave the Force Re-authentication option deselected. You also don't need to select a Single Logout Binding Type.

    Field                             Value
    Protocol                          SAML v 2.0
    Assertion Consumer Service (ACS)  https://[your_company].login.go.akamai-access.com/saml/sp/response
    Entity ID                         https://[your_company].login.go.akamai-access.com/saml/sp/response
    Application URL                   https://[your_company].login.go.akamai-access.com/saml/sp/response

  8. Click Continue to Next Step.

  9. Configure attribute mapping:

    1. Click Add New Attribute.

    2. In the Application Attribute column, enter SAML_SUBJECT.

    3. Based on the login preference of the directory that you'll associate to the PingOne IdP, enter one of these values into the Identity Bridge Attribute or Literal Value column:

      • For SAM Account Name, enter sAMAccountName
      • For Email, enter mail
      • For User Principal Name, enter userPrincipalName

    4. Add Group as an application attribute. In the Application Attribute column, enter Group, and in the Identity Bridge Attribute or Literal Value column, enter MemberOf.

    Note: These steps may differ based on your PingOne configuration. For more information, see the official PingOne documentation.

  10. Click Continue to Next Step.

  11. Click Save & Publish.

  12. On the Review Setup page, click the Download link for SAML Metadata.

  13. Click Finish.

Next steps

Add PingOne as an identity provider

Add PingOne as an identity provider

Before you begin

  1. Create an ​Akamai​ Enterprise IdP application in the PingOne identity service

  2. Make sure you have the SAML metadata file that you downloaded.

To add and configure the PingOne identity service as an IdP:

  1. In the Threat Protection menu of Enterprise Center, select Identity & Users > Identity Providers.

  2. Click the plus sign icon.

  3. Configure basic IdP settings:

    1. In the Name and Description fields, enter a name and description of the IdP.

    2. In the Provider Type menu, select PingOne.

    3. Click Continue.

  4. Complete the IdP general settings:

    1. Go to the General settings section or click the General tab.

    2. For Identity Intercept, select Use ​Akamai​ domain and enter an external hostname that you want to use for the URL of the login portal.

    3. In the ​Akamai​ Cloud Zone, select a cloud zone that is closest to the user base.

  5. In the Authentication area, configure the URL and Logout URL:

    1. URL: https://desktop.pingone.com/mycompany

    2. Logout URL: https://desktop.pingone.com/mycompany/logout

    where mycompany is the subdomain you created when setting up your PingOne service.

  6. Upload the IdP metadata file. Click Choose File beside Upload IDP Metadata File.

  7. In the Advanced settings section, select Enable Authorization.

  8. In the Session Idle Expiry field, enter a time that is 35 minutes or more.

  9. Click Save. Your PingOne service directory is now connected to ​SIA​.

Next steps

  1. Download and deploy an identity connector. For more information, see Create and download an identity connector.

  2. Add a directory. As part of this process, make sure you assign the identity connector you created to the directory. For more information, see Add a directory.

  3. Assign directory to the PingOne identity provider.

Assign directory to the PingOne identity provider

Before you begin

Add a directory to ​SIA​. For instructions, see Add a directory.

To review the overall setup process for a PingOne IdP, see Set up PingOne as an identity provider.

To assign the directory you created to your PingOne IdP:

  1. In the Threat Protection menu of Enterprise Center, select Identity & Users > Identity Providers.

  2. Click the name of the PingOne IdP.

  3. Click the Directories tab.

  4. Click the link icon and select the directory that you added.

  5. Click Associate.

Next steps

  1. Deploy the IdP:

    • In the ​SIA​ IdP configuration, you can click the icon next to the Ready for Deployment status. A deployment icon also appears next to a failed deployment status in case you need to deploy the IdP again. This action starts the deployment process.

    • Deploy IdP configuration changes in the list of Pending Changes. For instructions, see Deploy configuration changes.

  2. If this is the first PingOne IdP that you are creating, add the PingOne IdP domains to an exception list. See Add identity provider domains to an exception list.

  3. Associate the IdP with a policy that's enabled for authentication. For more information, see Require authentication to access a website or web application.