Secure Mobile Access 12.4 Administration Guide

Table of Contents

Configuring Ping Identity PingOne as an SMA Authentication Server

Configuring Ping Identity PingOne as an SAML Identity Provider is done by configuring a Ping Identity PingOne Authentication server on an SMA appliance.

To configure Ping Identity PingOne as an SMA Authentication Server

  1. On the SMA appliance, go to the System Configuration > Authentication Servers page.

  2. In the Authentication servers section, click the + (New) icon. The Add Authentication Server page displays.

  3. Select SAML 2.0 Identity Provider.

  4. Click Continue.... The Edit Authentication Server page displays.

    Most of the values for the fields on this page can be obtained from the fields on the PingOne application page.

    The steps that follow explain how to configure the fields in the Configure Authentication Server .

  5. In the Name field, enter PingOne_IDP.

  6. In the Appliance ID field, enter the entityId from the PingOne application page. For example: https://appliance.company.com.
  7. In the Server ID field, enter the value of the entityID of the EntityDescriptor tag from the downloaded XML file, for example, https://pingone.com/idp/company.

  8. In the Authentication service URL field, enter the Initiate Single Sign-On (SSO) URL from the PingOne application page. For example,

    https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=734b784f-xx xxxx.

  9. In the Logout service URL field, enter the value of the Logout Service URL from the Location attribute of SingleLogoutService tag from the downloaded XML file. For example, https://sso.connect.pingidentity.com/sso/SLO.saml2.

  10. From the Trust the following certificate drop-down menu, select the certificate you want. This should be the Certificate downloaded from the PingOne application page.

    You must first download and install the certificate you want before it can appear in this drop-down menu. See Downloading a Certificate for instructions on how to do this.

  11. (Optional) Select the Sign AuthnRequest message using this certificate if you want it, then select the certificate.

  12. Click Save.