---
title: "PingFederate"
slug: "pingfederate"
updated: 2026-04-07T09:05:20Z
published: 2026-04-07T09:05:20Z
canonical: "support.perimeter81.com/pingfederate"
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt
> Use this file to discover all available pages before exploring further.

# PingFederate

## Introduction

This article offers a detailed guide on configuring PingFederate as a SAML 2.0 identity provider

By integrating with PingFederate, Check Point SASE can authenticate users, ensuring a secure and efficient login process.

## Steps

1. These are the most important configuration parameters:

- **EntityID**:
  - US based platform - urn:auth0:perimeter81:{{WORKSPACE}}-oc
  - EU based platform - urn:auth0:eu-sase-checkpoint:{{WORKSPACE}}-oc
  - AU based platform - urn:auth0:au-sase-checkpoint:{{WORKSPACE}}-oc
  - IN based platform - urn:auth0:in-sase-checkpoint:{{WORKSPACE}}-oc
- **Assertion Consumer Service URL**:
  - US based platform - https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
  - EU based platform - https://auth.eu.sase.checkpoint.com/login/callback?connection={{WORKSPACE}}-oc
  - AU based platform - https://auth.au.sase.checkpoint.com/login/callback?connection={{WORKSPACE}}-oc
  - IN based platform - https://auth.in.sase.checkpoint.com/login/callback?connection={{WORKSPACE}}-oc
- **HTTP-Redirect** binding for SAML Request
- **HTTP-POST** binding for SAML Response

| Check Point SASE Attribute Name | PingFederate Attribute Name |
| --- | --- |
| email | Mail |
| given_name | Given Name |
| family_name | Surname |

## Configuring an SP Connection from PingFederate

1. Sign on to your PingFederated account and select **Create New** from the **SP Connections section**.
2. Configure the **SP Connection**.
  - Select the **Browser SSO Profiles** as the **Connection Type**.
  - Select **Browser SSO** as the **Connection Options**.
3. Configure the connection Parameters (Step 1)

Metadata

If you are troubleshooting the connection, you can upload the Metadata for your Check Point SASE connection- instructions available under "troubleshooting" at the bottom section of this guide. The Entity ID, Connection Name and the Base URL will be automatically populated based on the information from the metadata file.

1. Configure **Browser SSO**.
  - Select **SP-Initiated SSO** and **SP-Initiated SLO** in **SAML Profiles**.
  - Go to the **Assertion Creation** section and click **Configure Assertion**.  
Accept all defaults for the next two screens.
2. Go to the **IdP Adapter Mapping** section. This is where users will be authenticated. Likely, you already have one configured in your PingFederate installation. Select one, or add a new one. Auth0 only requires the **NameIdentifier** claim. All other attributes will be passed further to the end application.
3. Configure **Protocol Settings**. Values for **Protocol Settings** are imported from the metadata file. Next, you will see the Assertion Consumer Service URL and the Sign-Out URLs. Click **Next** to the **Allowable SAML Bindings** section.
4. Leave **POST** and **Redirect** enabled. Make sure **SAML Assertion** is always signed.
5. Configure **Credentials**. On **Digital Signature Settings**, select your signing certificate and make sure you check the option to include it in the <keyinfo data-tomark-pass="">&nbsp;element.</keyinfo>
6. Configure the certificate used to sign incoming requests.
7. Review your settings and set as **Active** or **Inactive**.
8. Click **Save** at the bottom of the screen. You should see the new SP Connection on the **Main** screen.

## Configuring the Connection on Check Point SASE

At this point, you will configure the integration from the Check Point SASE side.

1. Log in to your **Check Point SASE****Administrator Portal**, and navigate to **Settings** and then **Identity Providers**.
2. Select + Add Provider.
3. Choose **SAML 2.0 Identity Providers**.
4. Sign In URL:
  - https://sso.{{*Your PingFederate Domain*}}.com/idp/SSO.saml2
5. Add your organization domain.
6. Paste the certification from PingFederate.
7. Select Done.

<meta charset="utf-8">

## Recommendations

- Always replace placeholders like {{WORKSPACE}} and {{Your PingFederate Domain}} with the actual values during the configuration.
- Ensure that the correct attributes are mapped in PingFederate for accurate user authentication and authorization in Check Point SASE.
- Periodically review your PingFederate configuration settings to ensure they align with any updates or changes made within the Check Point SASE platform

## Troubleshooting

If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

## Support Contacts

If you have any difficulties or questions, don't hesitate to contact Check Point SASE's support team. We offer 24/7 chat support on our website at [sase.checkpoint.com](https://sase.checkpoint.com/), or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success