All Collections
SSO for Envoy via Ping Identity
SSO for Envoy via Ping Identity

Learn how to set up SAML using Ping

Updated over a week ago

About Ping

The Ping Identity Platform allows enterprises and their users to securely access the cloud, mobile, and on-premises applications while managing identity and profile data at scale. You'll use PingOne to give members of your organization secure single sign-on (SSO) to cloud applications.

Setting up SSO for Ping

  1. Log in to the PingOne admin portal and navigate to “Applications” in the header.

  2. Under SAML, click Add Application > New SAML Application

  3. Add “Envoy SSO” as the Application Name, “Workplace Management Solution” as the Application Description, “Human Resources” as the Category, and use this link to access our logo.

  4. In the Upload Metadata field, click “Or use URL” and add “” and the ACS and Entity ID should automatically populate. If not, you can find the URLs within the Envoy Dashboard in the SAML integration.

  5. In a new tab, open Apps > All Apps >Directory and SSO > Directory settings > SAML > Install and copy the “Sign On URL (SP-initiated only) URL”

  6. Go back to Ping and in the Application URL field, paste the “Sign On URL (SP-initiated only)” from Envoy

  7. For the SSO Attribute Mapping step, add “SAML_SUBJECT” for Application Attribute and “Email” for Identity Bridge attribute.

  8. Next, it’s time to decide what Groups you want to be added to Envoy for SSO and then continue but keep the confirmation page (below) open.

  9. Next, you'll need to locate your PingID's fingerprint. It can be found under (Setup > Certificates > Expand "PingOne Account Origination Certificate").

  10. Copy the fingerprint from step 9 and paste it into the appropriate field in the Envoy dashboard.

  11. Copy the following URL and add your idpid from Ping at the end. “ idpid_here” and paste it into the “Identity Provider HTTP SAML URL” in Envoy.

  12. [Optional] Set SSO as required

  13. Press save!

Did this answer your question?