PingOne SAML 2.0 Integration with Bridge

Document created by Scott Wasilewski on Apr 22, 2019. Last modified by Kyle Spencer on Dec 10, 2019.
Version 5

Overview

Ping has included Bridge as an application with some standard settings, including logo, to quickly create a SAML Single Sign On integration between Ping and Bridge.

Requirements

  • Ping Admin Access
  • Bridge Admin Access

 

Steps for Configuration

  • In your Ping Admin Dashboard, click on Applications in the top navigation.


  • Click Add Application then Search Application Catalog

  • Search for "Bridge". When the search returns the Bridge app, click the line it appears on and then click Setup.

  • In the resulting screen, follow the onscreen instructions that ask you to download the certificate, copy the SAML IdP Entity ID and copy down the SAML Log On URL.
  • After copying this information down, click the ‘Continue to Next Step’ button.

  • In a new window or tab, log in to your Bridge instance as an administrator.
  • Once logged into your Bridge Admin account, go to the Admin panel, and click on Account Management and then Account Settings.
  • Select the option for Auth and, if you currently have a single sign-on system enabled, disable it at the bottom of the screen.
    • Scroll down to the “SAML 2.0” option and click Enable.

  • On this screen, ensure that the correct checkboxes are selected for ‘Sign Authentication Requests’ and ‘Use Name Qualifiers on Entity IDs’
    • Most likely these will both be unchecked.
  • Make sure Manual Configuration is selected and paste the Issuer you copied from Ping into the ‘Identity Provider Entity’ field.
  • Paste the ‘Initiate Single Sign-On (SSO) URL’  value into the ‘Single Sign On URL’ field.
  • Open the .crt file you downloaded from Ping, copy the certificate information from between the lines ‘-----BEGIN CERTIFICATE-----’ and ‘-----END CERTIFICATE-----’, and paste it into the ‘X509 Certificate’ field.
  • Add your desired ‘NameID Format URN’
    • This is most likely ‘urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified’
  • Scroll to the bottom of the screen and click save.
  • Once the ‘Audience URI’ field is populated, copy that link.
  • Back in Ping, click the link that says “Or use URL” and paste the value you have copied from Bridge into this field. Hit enter.
  • On the next screen, you will choose what information is sent over to Bridge in the SAML Assertion. For each piece of data asked for on the left, enter the Ping data field that applies in the dialog box on the right, as in the following image:

  • Click Continue to Next Step twice, which will leave you on the “Group Access” options, and select which groups you would like to be able to access Bridge.

  • Once complete, click “Continue to Next Step.”
  • Review your setup and click on “Finish.”
  • In a new incognito window, navigate to your Bridge URL and attempt to log in. If everything is set up correctly, you should be dropped into your Bridge instance. If not, an error message should display.
  • If you need assistance with this setup, please contact your CSM.
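
The certificate step above has you copy the base64 text between the BEGIN and END lines by hand, which is where a truncated paste or a file holding more than one certificate usually goes unnoticed. The following Python script is an added example, not part of the original document or of Ping's or Bridge's tooling: it extracts that body, rejects a truncated or multi-certificate file, and returns a SHA-256 fingerprint you can record for later comparison. The function names and the sample bytes are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_total_length(der: bytes) -> int:
    """Return the total byte length the outer DER SEQUENCE header declares."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE; this is not certificate data")
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def cert_body_and_fingerprint(pem_text: str) -> tuple[str, str]:
    """Return (base64 body to paste, colon-separated SHA-256 fingerprint)."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly 1 certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())      # drop CR/LF and stray spaces
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    if der_total_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing bytes")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    return body, fingerprint


if __name__ == "__main__":
    # Constructed placeholder bytes with a valid DER header, NOT a real
    # certificate. Replace sample_pem with the text of the downloaded .crt.
    sample_der = b"\x30\x0a\x02\x01\x01\x04\x05hello"
    sample_pem = ("-----BEGIN CERTIFICATE-----\r\n"
                  + base64.b64encode(sample_der).decode()
                  + "\r\n-----END CERTIFICATE-----\r\n")
    body, fp = cert_body_and_fingerprint(sample_pem)
    print(f"Paste into 'X509 Certificate': {body}\nSHA-256 fingerprint: {fp}")
```

The fingerprint is computed over the decoded DER bytes, so it stays the same regardless of line endings or line wrapping in the .crt file.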
