How to set up Ping Identity security provider

Audience: System administrators installing and configuring Sapho Server

Ping Identity is another security provider supported by Sapho that you can use to authenticate the users of Sapho micro apps.

Ping Identity setup

Go to the Security tab and select Ping Identity.

In the dialog window under Protocol, you will be able to select OpenToken or SAML 2.0.

OpenToken

OpenToken allows you to set the following fields:

  • SSO Endpoint URL - the URL of your Ping Identity server.
  • Redirect URI Parameter - the URI where the user is redirected after a successful login (this is the URI of your Sapho Server).
  • Token Name - the name of the token attribute Sapho receives after a successful login and uses for user information.
  • Cipher - the type of cipher used to decode the token value.
  • Use Sun JCE - select this option if you would also like to use the Java Cryptography Extension.
  • Password - the password used to decode the token value.
  • Login Attribute - the login attribute in your Ping Identity schema.
  • User Name Attribute - the user name attribute in your Ping Identity schema.
  • Email Attribute - the email attribute in your Ping Identity schema.

SAML 2.0

SAML 2.0 allows you to set the following fields:

  • Sapho SP metadata URL to configure the IdP connection - the URL used in Ping Identity to create an SP connection.
  • IdP Metadata URL - the URL where the entity description of the IdP is located.
  • Login Attribute - the login attribute in your Ping Identity schema.
  • User Name Attribute - the user name attribute in your Ping Identity schema.
  • Email Attribute - the email attribute in your Ping Identity schema.

Here’s how to generate an IdP Metadata URL:

  1. In the Ping Identity dialog window, copy the automatically generated URL under Sapho SP metadata URL to configure IdP connection.
  2. Sign in to your Ping Identity administration. Go to PingFederate > IdP configuration and create a new SP Connection.
  3. Click Import Metadata and in New URL, paste the Sapho SP metadata URL to configure IdP connection that you copied from Sapho.
  4. Finish configuring the connection.
  5. In General Info, copy your Partner’s Entity ID (Connection ID).
  6. The IdP Metadata URL should be in the following format:
    • <protocol>://<host>:<port>/pf/federation_metadata.ping?PartnerSpId=<connectionId>
    • Parameters should be set as follows:
      • protocol - typically https
      • host - host of your identity server
      • port - the port used
      • connectionId - the Partner’s Entity ID (Connection ID) taken from your Ping Identity connection configuration
    • The final URL should look similar to the following:
      • http://ad.arrakis.sapho.com:9030/pf/federation_metadata.ping?PartnerSpId=sapho:saml:honza:sapho:com

Finish Ping Identity security provider settings

Once you have generated your IdP Metadata URL, finish entering your Ping Identity security provider settings and click DONE.

You can now set which micro apps use Ping Identity for access in the Micro Apps with Access section.

Ping Identity groups

Here’s how to use Ping Identity groups for access management within Sapho:

  1. Go to the Provider Details page of your Ping Identity security provider.
  2. Fill in the Group Attribute field according to your Ping Identity settings. You should use the name of the group attribute from your Ping Identity schema.
  3. Manually register the Ping Identity groups you want to use within Sapho for access management by clicking ADD NEW GROUP.
  4. Click SAVE SETTINGS.

Now you’ll be able to use Ping Identity groups throughout Sapho. For example, you can give access to micro apps based on your Ping Identity groups or send notifications to users based on their assigned groups.

Custom user variables

Sapho also allows you to pull custom attributes that you have added to your Ping Identity model from your Ping Identity server.

You can configure these in Provider Details for Ping Identity under the fields: Custom User Variable 1 Attribute, Custom User Variable 2 Attribute, and Custom User Variable 3 Attribute.

Once you have configured your custom variables, you can use them in Sapho to build micro apps and events.

Security requirements

To ensure that your connection is secure, we recommend you perform one of the following:

  1. Set up a reverse proxy for Sapho Server using an SSL connection, as described in the following guides:
  2. Make sure Sapho Server runs on https only.