PingFederate
Written By Toby Egbuna
Last updated 12 days ago
PingFederate (SAML)
How to use our PingFederate SAML integration for SSO
PingFederate SAML SSO is the means by which your employees are authenticated to Chezie.
Benefits of using PingFederate SAML SSO include:
User Convenience: Simplified login with a single set of credentials.
Enhanced Security: Strong authentication and reduced password risk.
Centralized Access Control: Unified management of access policies.
Improved Productivity: Faster and seamless access to applications.
Compliance: Helps meet regulatory and security requirements.
Cost Savings: Reduces support and password-related costs.
Enterprise Flexibility: Supports complex identity and authentication policies.
How PingFederate SAML is used
PingFederate acts as your organization’s Identity Provider (IdP), while Chezie acts as the Service Provider (SP).
When a user attempts to access Chezie:
The user is redirected to PingFederate for authentication.
PingFederate authenticates the user according to your organization’s policies.
A SAML assertion is sent back to Chezie containing user identity attributes.
Chezie uses this information to authenticate or create the user.
How to Configure SAML SSO in PingFederate
To configure SAML SSO in PingFederate, follow these steps:
1. Create a New SAML Connection
Log in to the PingFederate Admin Console.
Navigate to Connections and select Create New.
Choose Browser SSO Profiles.
Select SAML 2.0.
Choose SP-initiated SSO.
This connection will represent your SAML SSO integration with Chezie.
2. Configure Connection Type and Role
Set PingFederate as the Identity Provider (IdP).
Set Chezie as the Service Provider (SP).
Provide a connection name (e.g., Chezie SAML).
3. Configure SAML Settings and Mapping
In the connection configuration:
Enter the Entity ID, Assertion Consumer Service (ACS) URL, and any additional SAML endpoints provided by Chezie.
Configure the SAML assertion to include the required user attributes.
Required attributes
Please map the following attributes exactly as shown:
first_name
last_name
email
These attributes should be sourced from your user directory (LDAP, Active Directory, or equivalent).
The email attribute is required and must be unique per user.
4. Configure Assertion and Security Settings
Set the NameID format to email address.
Ensure SAML assertions are signed.
Encryption is optional, based on your organization’s security requirements.
5. Export and Share Metadata
Export the PingFederate IdP Metadata XML.
Share this metadata file with the Chezie team.
This metadata allows Chezie to complete the SAML configuration and establish trust with your PingFederate instance.
6. Test and Verify
Initiate a login request from Chezie.
Confirm that:
Users are redirected to PingFederate.
Authentication completes successfully.
Required attributes are passed correctly.
7. Enable SSO
Once testing is complete:
Enable the connection for the desired users or groups in PingFederate.
Users accessing Chezie via email will now be redirected to PingFederate for SSO authentication.
By following these steps, you can successfully configure SAML SSO in PingFederate for your integration with Chezie. For additional troubleshooting or configuration support, consult Ping Identity documentation or reach out to the Chezie team.