The Ping Identity Platform allows enterprises and their users to securely access the cloud, mobile, and on-premises applications while managing identity and profile data at scale. You'll use PingOne to give members of your organization secure single sign-on (SSO) to cloud applications.
Setting up SSO for Ping
Log in to the PingOne admin portal and navigate to “Applications” in the header.
Under SAML, click Add Application > New SAML Application
Add “Envoy SSO” as the Application Name, “Workplace Management Solution” as the Application Description, “Human Resources” as the Category, and use this link to access our logo.
In the Upload Metadata field, click “Or use URL” and add “https://app.envoy.com/a/saml/metadata” and the ACS and Entity ID should automatically populate. If not, you can find the URLs within the Envoy Dashboard in the SAML integration.
In a new tab, open Apps > All Apps >Directory and SSO > Directory settings > SAML > Install and copy the “Sign On URL (SP-initiated only) URL”
Go back to Ping and in the Application URL field, paste the “Sign On URL (SP-initiated only)” from Envoy
For the SSO Attribute Mapping step, add “SAML_SUBJECT” for Application Attribute and “Email” for Identity Bridge attribute.
Next, it’s time to decide what Groups you want to be added to Envoy for SSO and then continue but keep the confirmation page (below) open.
Next, you'll need to locate your PingID's fingerprint. It can be found under (Setup > Certificates > Expand "PingOne Account Origination Certificate").
Copy the fingerprint from step 9 and paste it into the appropriate field in the Envoy dashboard.
Copy the following URL and add your idpid from Ping at the end. “https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=insert_your_ idpid_here” and paste it into the “Identity Provider HTTP SAML URL” in Envoy.
[Optional] Set SSO as required