PingFederate
  • 04 Jun 2021


This article describes how to configure PingFederate for use as a SAML 2.0 identity provider for Perimeter 81.

  • Configuring your Perimeter 81 Service Provider (SP) Parameters
  • Configuring an SP Connection from PingFederate
  • Configuring the Connection on Perimeter 81
  • Troubleshooting steps

Note:

To successfully integrate PingIdentity and Perimeter 81, you must have admin access on both platforms.

Please follow the steps below:

Configuration Parameters

  1. These are the most important configuration parameters:
  • EntityID: urn:auth0:perimeter81:{{WORKSPACE}}-oc

  • Assertion Consumer Service URL: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc

  • HTTP-Redirect binding for SAML Request

  • HTTP-POST binding for SAML Response

| Perimeter 81 Attribute Name | PingFederate Attribute Name |
|-----------------------------|-----------------------------|
| email                       | Mail                        |
| given_name                  | Given Name                  |
| family_name                 | Surname                     |

Configuring an SP Connection from PingFederate

  1. Sign on to your PingFederate account and select Create New from the SP Connections section.
  2. Configure the SP Connection.
    • Select the Browser SSO Profiles as the Connection Type.
    • Select Browser SSO as the Connection Options.
  3. Configure the connection Parameters (Step 1)
Metadata

If you are troubleshooting the connection, you can upload the Metadata for your Perimeter 81 connection. Instructions are available under "troubleshooting" in the bottom section of this guide.
The Entity ID, Connection Name and the Base URL will be automatically populated based on the information from the metadata file.

  1. Configure Browser SSO.
    • Select SP-Initiated SSO and SP-Initiated SLO in SAML Profiles.
    • Go to the Assertion Creation section and click Configure Assertion.
      Accept all defaults for the next two screens.
  2. Go to the IdP Adapter Mapping section. This is where users will be authenticated. Likely, you already have one configured in your PingFederate installation. Select one, or add a new one. Auth0 only requires the NameIdentifier claim. All other attributes will be passed further to the end application.
  3. Configure Protocol Settings. Values for Protocol Settings are imported from the metadata file. Next, you will see the Assertion Consumer Service URL and the Sign-Out URLs. Click Next to proceed to the Allowable SAML Bindings section.
  4. Leave POST and Redirect enabled. Make sure the SAML Assertion is always signed.
  5. Configure Credentials. On Digital Signature Settings, select your signing certificate and make sure you check the option to include it in the element.
  6. Configure the certificate used to sign incoming requests.
  7. Review your settings and set as Active or Inactive.
  8. Click Save at the bottom of the screen. You should see the new SP Connection on the Main screen.

Configuring the Connection on Perimeter 81

At this point, you will configure the integration from the Perimeter 81 side.

  1. Log in to your Perimeter 81 Management Platform, and navigate to Settings and then Identity Providers.
  2. Select + Add Provider.
  3. Choose SAML 2.0 Identity Providers.
  4. Sign In URL:
    • https://sso.{{Your PingFederate Domain}}.com/idp/SSO.saml2
  5. Add your organization domain.
  6. Paste the certificate from PingFederate.
  7. Select Done.

Troubleshoot connection

  1. To troubleshoot the connection, you can download your Metadata file from:
    https://perimeter81.auth0.com/samlp/metadata?connection={{WORKSPACE}}-oc

Example:

The workspace myworkspacename.perimeter81.com should translate to https://perimeter81.auth0.com/samlp/metadata?connection=myworkspacename-oc
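The check below is an added example, not part of the original article or of Perimeter 81's or Ping Identity's tooling: it derives the EntityID, Assertion Consumer Service URL and metadata URL from a workspace hostname using the templates in this guide, then confirms that an SP metadata document carries the same EntityID and an HTTP-POST ACS endpoint. The function names and the sample metadata are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata (not a real download), shaped after this guide's values.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:auth0:perimeter81:myworkspacename-oc">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" isDefault="true"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://auth.perimeter81.com/login/callback?connection=myworkspacename-oc"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def expected_sp_values(workspace_host):
    """Derive the SP parameters from e.g. 'myworkspacename.perimeter81.com'."""
    conn = workspace_host.split(".")[0] + "-oc"
    return {
        "entity_id": f"urn:auth0:perimeter81:{conn}",
        "acs_url": f"https://auth.perimeter81.com/login/callback?connection={conn}",
        "metadata_url": f"https://perimeter81.auth0.com/samlp/metadata?connection={conn}",
    }

def check_sp_metadata(xml_text, workspace_host):
    """Return a list of mismatches between SP metadata and the expected values."""
    want = expected_sp_values(workspace_host)
    # For a file fetched over the network, use a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    problems = []
    if root.get("entityID") != want["entity_id"]:
        problems.append(f"entityID {root.get('entityID')!r} != {want['entity_id']!r}")
    acs = root.findall(f"{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService")
    post_urls = [a.get("Location") for a in acs if a.get("Binding") == POST_BINDING]
    if want["acs_url"] not in post_urls:
        problems.append(f"no HTTP-POST ACS at {want['acs_url']!r}, found {post_urls}")
    return problems

if __name__ == "__main__":
    host = "myworkspacename.perimeter81.com"
    print(expected_sp_values(host)["metadata_url"])
    print(check_sp_metadata(SAMPLE_METADATA, host) or "metadata matches expected values")
```

An empty result means the metadata agrees with the values entered in the PingFederate SP connection; any entry in the list names the field to recheck before activating the connection.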

