Configuring Ping Identity as an Identity Provider in Software AG Cloud for Single sign-on

 View Only
Fri March 10, 2023 02:39 AM

Introduction

This article defines steps to configure Ping Identity as Identity Provider (IdP) for Software AG Cloud. Ping Identity software provides federated identity management and intelligent access so users can connect securely to the cloud, mobile, and on-premises applications.
Setting up SSO in the Software AG Cloud (SAG Cloud) with Ping Identity as the IDP is a process that requires some setup in both environments. It requires information from both environments, so it makes sense to open two browser windows from the start in order to follow the process.
The process involves the following steps:

  • Manage Group membership
  • Setting up Ping Identity as Identity Provider for Software AG Cloud
  • Configuring Ping Identity Single Sign-On Integration with SAML

Pre-requisites

  • You require a SAG Cloud tenant and a user with admin access to the tenant.
  • You require an active Ping Identity account.

Manage Group membership

Group information is sent in the SAML assertion when the user signs in to a target app. In this part of our documentation, we will be creating a new group SAG_WMIO_USERS and assign our existing user to this group though we can use any existing group also.

  • To add a group, from the main menu select Connections > Identities > Groups.

  • From the Groups page, select the + (plus) sign.
    image
    The Create New Group page appears

  • In Group Name and description field enter your group name (for us in this example it will be SAG_WMIO_USERS) and its description and click Save.
    image

  • To add users to this group, click on Users tab on group details page and click Add Individually

    image
    image775×290 31.3 KB

  • Select users which you want to be part of this group and click Save.

    image
    image773×358 28.9 KB

  • This group will be assigned to our saml application when assigning access further down is this example.

Setting up Ping Identity as Identity Provider for Software AG Cloud**

  • Open two tabs in your browser and login to Software AG Cloud account in one of them.

  • Go to Administration.

  • Click SingleSignOn and Add identity provider. The Add identity provider wizard
    appears.

  • Enter your identity provider display name and unique identifier details in the Identity provider
    display name     and Identity provider identifier for use in Software AG Cloud redirect URI
    fields. (Here we have taken pingIdentity as display name and unique identifier name)

    image
    image691×581 55 KB

  • Copy or make a note of the value displayed in the Software AG Cloud redirect URI field.
    This value is used when configuring Service Provider for Ping Identity.
    image

  • In second tab login to your Ping Identity account.

  • To setup of Software AG Cloud as new SAML application, select Connections > Applications from the Main menu.

  • From the Applications page, select the + (plus) sign.

    image
    image844×383 108 KB

    The Add Application wizard appears.

  • Enter the SAML application name (here we have taken Software AG Cloud as the application
    name).
    image

  • Click the SAML Application option.
    image

  • Select Configure when available after selecting the SAML Application. The SAML
    Configuration     wizard appears.

  • Select the Manually Enter option.

  • Enter Software AG Cloud redirect URI copied in step 5 in ACS URLs and Entity ID.
    The ACS URL format is,
    {{Hostname}}/auth/realms/{{realm_name}}/broker/{{identityprovider_name}}/endpoint
    The Entity ID format is,
    {{Hostname}}/auth/realms/{{realm_name}}

    image
    image636×774 14.2 KB

  • Click Save.

You added the application to your Ping Identity account. You need to configure the application
to enable the Single Sign-On

  • You should be redirected on Application overview page in you Ping Identity account.
    image
    image744×469 65.3 KB

Configure Ping Identity Single Sign-On Integration with SAML**

  • Enable Software AG Cloud by turning on the toggle button.

    image
    image975×206 39.9 KB

  • In the Attribute Mappings tab, click Edit (the pencil icon). The Edit Attribute
    Mappings     page appears.

  • Add the mappings between Ping identity and saml by clicking +Add for each entry:

    image
    image763×625 79.6 KB

  • Click Save. You are redirected to the Software AG Cloud page.

  • In the Access tab, click Edit (the pencil icon). The Edit Access page appers.

  • Select the groups applicable for this application under the Group Membership Policy.

    image
    image663×502 40.5 KB

  • Click Save. You are redirected to the Software AG Cloud page.

  • In the Configuration tab, click copy IDP Metadata URL.

    image
    image631×524 98 KB

  • Switch back to Software AG Cloud application tab on your browser and paste it in URL text
    box within Import configuration from URL option and click Next.

  • In the Configuration tab, keep settings as default and click Next.

  • In the Attributes tab, create mapping between Ping Identity’s SAML attributes and Software
    AG Cloud attributes and click Next.

    image
    image671×570 44.9 KB

  • In the Roles tab, assign either a default Software AG Cloud role to user or assign Software AG
    Cloud role to user by mapping to identity provider role.

    image
    image662×561 47.9 KB

  • Click Save. The Identity Provider configuration is saved.

  • Logout and login again using Ping Identity as identity provider.
    image


#webMethods-cloud
#webMethods
#Software-AG-Cloud