PingOne for Enterprise
Prerequisites
- Administrator access to the Harmony SASE Administrator Portal.
- Administrator account with the Identity Provider Management Portal.
High-Level Procedure
Step 1 - Configure the PingOne Management Portal
- Log in to PingOne Management Portal.
- From the top navigation bar, click Applications.
- In the SAML tab, click Add Application and then select New SAML Application.
  The New Application window appears.
- Enter these details:
  - Application Name: Harmony SASE
  - Application Description: Harmony SASE SAML Connection
  - Category: Information Technology
  - Graphics: (Optional) Add the Harmony SASE logo
- Click Continue to Next Step.
  The Application Configuration window appears.
- Click I have the SAML configuration and then enter these details:
  - Signing Certificate: PingOne Account Origination Certificate
  - Protocol Version: SAML v 2.0
  - Assertion Consumer Service (ACS): https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
    where {{WORKSPACE}} refers to your Harmony SASE workspace name.
  - Entity ID: urn:auth0:perimeter81:{{WORKSPACE}}-oc
    where {{WORKSPACE}} refers to your Harmony SASE workspace name.
- Click Continue to Next Step.
  The SSO Attribute Mapping window appears.
- Map these attributes:

  | Application Attribute | Identity Bridge Attribute or Literal Value |
  |---|---|
  | email | Email |
  | given_name | First Name |
  | family_name | Last Name |
  | groups | memberOf |

- Click Continue to Next Step.
  The Group Access window appears.
- Select the user groups that need access to the PingOne for Enterprise login page.
  Note - To allow access to all users, add Users@Directory.
- Click Continue to Next Step.
  The Review Setup window appears.
- Copy the idpid.
- Click Download to download the Signing Certificate.
- Click Save and Close.
- Go to My Applications and ensure that the Harmony SASE application is set to Enabled - Yes.
Step 2 - Configure the Harmony SASE Administrator Portal
- Log in to the Harmony SASE Administrator Portal with an administrator account.
- Go to Settings > Identity Providers.
- Click Add Provider.
  The Add identity provider pop-up appears.
- Select SAML 2.0 Identity Providers and click Continue.
- In the Sign in URL field, enter the Identity Provider Sign-in URL from your SAML Identity Provider.

  | Identity Provider | Sign in URL |
  |---|---|
  | Generic SAML | Identity Provider Sign in URL |
  | Active Directory Federation Services (AD FS) | https://{{Your ADFS Domain}}/adfs/ls |
  | Auth0 | Auth0 login URL |
  | OneLogin | SAML 2.0 Endpoint (HTTP) value |
  | PingOne | https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid={{idpid}} |
  | PingFederate | https://sso.{{Your PingFederate Domain}}.com/idp/SSO.saml2 |
  | Rippling | Rippling IdP Sign-in URL. |
  | JumpCloud | JumpCloud IDP URL |
  | Okta | Okta Sign on URL |
  | Google Applications | SSO URL |

- In the Domain Aliases field, enter the business domain names separated by commas or space.
- In the X509 Signing Certificate field, enter the X.509 signing certificate for the application from the SAML Identity Provider.
  If you have the signing certificate as PEM/CERT file, click Upload PEM/CERT File and select the file.
- Click Done.
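
A configuration check for the values set in Step 1, added here as an example and not part of the Harmony SASE or PingOne documentation: it compares a decoded SAML assertion from a test sign-in against the ACS URL, Entity ID and attribute names listed above. It assumes the assertion's Audience carries the Entity ID and its Recipient carries the ACS URL (standard SAML 2.0 behaviour), uses a constructed sample for a hypothetical workspace `acme`, and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "given_name", "family_name", "groups")  # "Application Attribute" column

def expected_sp_values(workspace):
    """Fill {{WORKSPACE}} into the ACS URL and Entity ID given in Step 1."""
    return {
        "acs": f"https://auth.perimeter81.com/login/callback?connection={workspace}-oc",
        "entity_id": f"urn:auth0:perimeter81:{workspace}-oc",
    }

def check_assertion(xml_text, workspace):
    """Return a list of mismatches between an assertion and the Step 1 settings."""
    # A SAML assertion never needs a DTD; refuse it rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD/entity declarations are not expected in a SAML assertion"]
    root = ET.fromstring(xml_text)
    want = expected_sp_values(workspace)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if want["entity_id"] not in audiences:
        problems.append(f"Audience {audiences} does not contain {want['entity_id']}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if want["acs"] not in recipients:
        problems.append(f"Recipient {recipients} does not contain {want['acs']}")
    present = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS) if v.text]
               for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED:
        if not present.get(name):
            problems.append(f"attribute '{name}' is missing or empty")
    return problems

# Constructed sample for a hypothetical workspace "acme"; the groups/memberOf mapping is absent.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="https://auth.perimeter81.com/login/callback?connection=acme-oc"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>urn:auth0:perimeter81:acme-oc</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>a.user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="given_name"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="family_name"><saml:AttributeValue>User</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "acme"))
```

An empty list means the assertion matches the Step 1 settings; the sample reports the missing `groups` attribute, which is what a forgotten `memberOf` mapping looks like.
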
Note - After the first successful authentication of a member with SAML, Harmony SASE does this: