Learn how to configure a connection to PingOne via SAML
Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.
To create a PingOne SAML Connection, you'll need four pieces of information: an ACS URL, an Identity Provider Issuer (also known as an Entity ID), an Identity Provider SSO URL, and an X.509 Certificate.
WorkOS provides the ACS URL and Identity Provider Issuer (Entity ID). They're readily available in your Connection's Settings in the Developer Dashboard.
The ACS URL is the location an Identity Provider redirects its authentication response to. In PingOne's case, the ACS URL and Entity ID need to be set by the Enterprise when configuring your application in their PingOne instance.
Specifically, the ACS URL and Entity ID will need to be set in the "Application Configuration" step of the PingOne "Edit Application" wizard:
Configuring PingOne SAML
You then provide the PingOne SSO URL and X.509 certificate.
Normally, this information will come from your Enterprise customer's IT Management team when they set up your application's SAML 2.0 configuration in their PingOne admin dashboard. However, that should not be the case during your setup. Here's how to obtain them:
1. Log In and Select Your Application
Log in to the PingOne admin dashboard, select "Applications" at the top, select the "My Applications" tab and then select your Application.
2. Obtain Identity Provider Details
Copy and paste the "Initiate Single Sign-On (SSO) URL" into the IdP SSO URL field in your WorkOS Developer Dashboard. Then select "Download" next to "Signing Certificate" to obtain the X.509 Certificate, and save it to your preferred directory.
3. Configure Attribute Mapping
In the "SSO Attribute Mapping" section of the PingOne "Edit Application" wizard, add the following field-value parameter pairs:
- id -> SAML_SUBJECT
- firstName -> First Name
- lastName -> Last Name
- email -> Email
Finally, upload the X.509 Certificate in your WorkOS Connection Settings. Your Connection will then be linked and good to go!