Ping Identity
To configure the SSO authentication with Ping Identity:
- Go to Global Settings > Identity & Access.
- Below SSO Authentication, click Set up single sign-on.
- The SSO Authentication wizard opens.
- Select Ping.
- Provide a title for the integration you are creating, and click Next.
- Follow the wizard instructions to complete the configuration.
- Verify the ownership of your domain to ensure successful identification of all the users that belong to your organization:
  - Copy the DNS record value.
  - Enter the value in your DNS server as a text (TXT) record.
  - Below Domain(s), enter one or more email domains that your company uses and click [+] after each one.
    Note - After three to five minutes the DNS record propagates and is resolved.
  - When all domains show on the list, click Next.
Allow Connectivity
Copy the URLs and enter them at your identity provider's portal.
Create a SAML application in the Ping Identity Portal
First, create a new environment in the Ping Identity Portal.
- Log in to your Ping Identity Portal.
- Go to the Home page and click Add Environment.
- Select Customer solution and click Next.
- Make sure PingOne for Customers is available. Click Next.
- Enter all relevant information in the form.
- Click Finish. Ping Identity redirects you to the Home page.
In the new environment, create a web application.
- Navigate to Connections > Applications and click Add Application.
- Click WEB APP, then select SAML and click Configure.
- A new Create App Profile page opens.
- Enter the application details. For example, set the application name to Check Point Infinity Portal.
- Click Next. The Configure SAML Connection page opens.
- Under Provide Meta Data, select Manually Enter and fill in the connection settings:
  - ACS URLs - Use the Reply URL.
  - Signing - Set to Sign Response.
  - Entity ID - Use the Entity ID previously copied from the SSO Wizard.
  - Assertion Validity Duration - Set to 3600.
- Click Save and Continue.
- In the Map Attributes page, configure the SAML attributes. The User ID attribute = saml_subject appears by default. Change User ID to Email Address.
- Click Add Attribute and select PingOne Attribute to add a new attribute.
- Select Population ID for User Attribute and enter groups for Application Attribute. Select the Required option.
- Click Add Attribute and select PingOne Attribute to add one more attribute.
- Select Group Names for User Attribute and enter memberOf for Application Attribute. Select the Required option.
- Click Save and Close.
- Ping Identity redirects you to the Applications page. In your newly created application, go to the Configuration tab and click Download under Connection Details > Download Metadata.
- Download the SAML Metadata file to your computer.
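The attribute mapping above determines what the Infinity Portal receives in each SAML assertion: a NameID that is the user's email address, a required groups attribute (Population ID), a required memberOf attribute (Group Names), and a validity window of at most 3600 seconds. The following script, an added example that is neither Check Point's nor Ping Identity's code, checks a constructed sample assertion against exactly those settings; the element names and namespaces are the standard SAML 2.0 ones, while the issuer URL, population ID and group names in the sample are placeholders.

```python
"""Check that a SAML assertion carries what the Ping Identity integration is configured to send.

Added example (not Check Point or Ping code). The sample assertion is constructed for
illustration; its issuer, population ID and group names are placeholders.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRIBUTES = ("groups", "memberOf")  # Application Attribute names entered in the wizard
MAX_VALIDITY_SECONDS = 3600                   # Assertion Validity Duration set in PingOne

# Constructed sample assertion (not a real PingOne assertion; signature omitted).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2024-01-01T10:00:00Z">
  <saml:Issuer>https://auth.pingone.com/ENV-ID-PLACEHOLDER</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T09:59:00Z" NotOnOrAfter="2024-01-01T11:00:00Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>POPULATION-ID-PLACEHOLDER</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>Admins</saml:AttributeValue>
      <saml:AttributeValue>Readers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _parse_instant(value):
    """SAML timestamps are UTC in ISO 8601 form with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _attributes(root):
    """Map each SAML attribute name to its list of values."""
    return {
        attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
        for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS)
    }


def check_assertion(xml_text):
    """Return a list of problems; an empty list means the assertion matches the wizard settings."""
    root = ET.fromstring(xml_text)
    problems = []

    # User ID must be mapped to Email Address, so the NameID has to be an email.
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("missing NameID")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress (User ID must be mapped to Email Address)")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")

    # Both attributes were marked Required in the Map Attributes page.
    attrs = _attributes(root)
    for name in REQUIRED_ATTRIBUTES:
        if not attrs.get(name):
            problems.append(f"required attribute '{name}' missing or empty")

    # The assertion must not be valid for longer than the configured duration.
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        problems.append("missing Conditions/NotOnOrAfter")
    else:
        issued = _parse_instant(root.get("IssueInstant"))
        expires = _parse_instant(cond.get("NotOnOrAfter"))
        if expires - issued > timedelta(seconds=MAX_VALIDITY_SECONDS):
            problems.append("assertion is valid for longer than the configured validity duration")
    return problems


def extract_identity(xml_text):
    """Return (email, attributes) as the service provider would consume them."""
    root = ET.fromstring(xml_text)
    email = root.find("saml:Subject/saml:NameID", NS).text
    return email, _attributes(root)


if __name__ == "__main__":
    print("problems:", check_assertion(SAMPLE_ASSERTION))
    print("identity:", extract_identity(SAMPLE_ASSERTION))
```

Run it on an assertion captured from a browser's SAML trace (after the signature has been verified by the service provider) to confirm that the population and group values arrive under the attribute names the wizard expects; a missing memberOf attribute is the usual reason group-based role assignment does not work.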
Set up Users and Groups Synchronization
First, you create a Worker application. Then you can set up permissions for users and groups.

Create a Worker application in the Ping Identity Portal
The Worker application enables automatic synchronization of users and groups; this is why the request to create a new Worker application appears in the section "Set up user and group synchronization."
- In the Ping Identity Portal, go to Applications and click Add Application.
- In the New Application page, select Worker and click Configure.
- In the Create App Profile page, enter the application name and description, then click Save and Continue.
- In the Attribute Mapping page, click Save and Close.
Set up Users and Groups Permissions
Set up permissions to allow the selection of users and user groups from your Ping Identity at Infinity Portal SSO.
- On the Applications page of the Ping Identity portal, select the Worker application, open the Configuration tab, scroll down and make sure that Grant Type is set to Client Credentials. Under Token Endpoint Authentication Method, select Client Secret Post.
- Click Save.
- On the Applications page, toggle the slider for each of the two applications to enable User Access.
- In the Infinity Portal, Identity Provider Wizard > Set Directory Integration page, fill in the required fields:
  - Environment ID - In the Ping Identity Portal, go to Dashboard > Environment Properties and copy the value of Environment ID.
  - Region - In the Ping Identity Portal, go to Dashboard > Environment Properties and check the region. In the Wizard, enter EU for Europe, COM for the United States, and ASIA for Asia Pacific.
  - Client ID and Shared Secret - In the Ping Identity Portal, go to Connections > Applications and open your Worker application. Open the Configuration tab and copy two values: Client ID and Client Secret.
- Verify that all fields in Directory Integration are correct.
- Click Next.
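The Worker application settings above (Grant Type = Client Credentials, Token Endpoint Authentication Method = Client Secret Post) together with the region code, environment ID, client ID and client secret entered in the wizard describe one concrete HTTP exchange: a machine-to-machine token request with no user involved. The script below is an added example, not Check Point's or Ping Identity's code, that builds that request and checks a token response. It assumes the PingOne token endpoint has the form https://auth.pingone.<tld>/<environment-id>/as/token with the host chosen by region; that pattern and the region-to-host table are assumptions, and every ID and secret in it is a placeholder.

```python
"""What the Worker application's Client Credentials / Client Secret Post settings mean on the wire.

Added example (not Check Point or Ping code). Assumed, not taken from the page: the token
endpoint pattern https://auth.pingone.<tld>/<environment-id>/as/token and the region hosts.
Environment ID, client ID and client secret below are placeholders.
"""
import json
from urllib.parse import urlencode, parse_qs

# Wizard region code -> assumed PingOne authentication host.
REGION_HOSTS = {
    "COM": "auth.pingone.com",    # United States
    "EU": "auth.pingone.eu",      # Europe
    "ASIA": "auth.pingone.asia",  # Asia Pacific
}


def token_endpoint(region, environment_id):
    """Token endpoint of the environment; rejects region codes the wizard does not accept."""
    key = region.strip().upper()
    if key not in REGION_HOSTS:
        raise ValueError(f"unknown region {region!r}; use one of {sorted(REGION_HOSTS)}")
    return f"https://{REGION_HOSTS[key]}/{environment_id}/as/token"


def client_credentials_request(region, environment_id, client_id, client_secret):
    """Client Credentials grant with Client Secret Post: the client ID and secret travel as
    form fields in the POST body, not in an Authorization header (that is Client Secret Basic)."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }
    return {
        "method": "POST",
        "url": token_endpoint(region, environment_id),
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(form),
    }


def auth_method_of(request):
    """Classify how a token request carries its credentials, for a quick configuration check."""
    if "Authorization" in request["headers"]:
        return "client_secret_basic"
    fields = parse_qs(request["body"])
    if "client_id" in fields and "client_secret" in fields:
        return "client_secret_post"
    return "none"


def parse_token_response(raw_json):
    """Return (access_token, expires_in_seconds), or raise if the server reported an error."""
    data = json.loads(raw_json)
    if "error" in data:
        raise RuntimeError(f"token request failed: {data['error']}: {data.get('error_description', '')}")
    if data.get("token_type", "").lower() != "bearer":
        raise RuntimeError(f"unexpected token_type {data.get('token_type')!r}")
    return data["access_token"], int(data["expires_in"])


if __name__ == "__main__":
    req = client_credentials_request("EU", "ENV-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER", "SECRET-PLACEHOLDER")
    print(req["method"], req["url"])
    print("authentication method:", auth_method_of(req))
```

Because the secret is sent in the request body, keep the client secret out of logs and URL parameters; if a token request returns an error such as invalid_client, the usual causes are a Token Endpoint Authentication Method other than Client Secret Post or a region code that does not match the environment.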
Confirm Identity Provider Integration
In the Confirm Identity Provider page, check all the details and click Add Identity Provider to complete the wizard.

Upload the Federation Metadata file
- In the Infinity Portal, Identity Provider Wizard > Configure Metadata page, upload the Federation Metadata XML that you downloaded from the Ping Identity Portal.
  Note - Check Point uses the service URL and the name of your certificate to identify your users behind the sites.
- Click Next. Check Point verifies the metadata of your Identity Provider.
- Review the details of the SSO configuration and click Submit.
Important - Create a user group with the applicable roles and assign it to the related IdP group name or ID (which one applies depends on the identity provider) before you log out. For more information, see User Groups.