PingOne for Enterprise

Prerequisites

  • Administrator access to the Harmony SASE Administrator Portal.

  • Administrator account with the Identity Provider Management Portal.

High-Level Procedure

Step 1 - Configure the PingOne Management Portal

  1. Log in to the PingOne Management Portal.

  2. From the top navigation bar, click Applications.

  3. In the SAML tab, click Add Application and then select New SAML Application.

    The New Application window appears.

  4. Enter these details:

    • Application Name: Harmony SASE

    • Application Description: Harmony SASE SAML Connection

    • Category: Information Technology

    • Graphics: (Optional) Add the Harmony SASE logo

  5. Click Continue to Next Step.

    The Application Configuration window appears.

  6. Click I have the SAML configuration and then enter these details:

    • Signing Certificate: PingOne Account Origination Certificate

    • Protocol Version: SAML v 2.0

    • Assertion Consumer Service (ACS): https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

    • Entity ID: urn:auth0:perimeter81:{{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

  7. Click Continue to Next Step.

    The SSO Attribute Mapping window appears.

  8. Map these attributes:

    Application Attribute    Identity Bridge Attribute or Literal Value
    ---------------------    ------------------------------------------
    email                    Email
    given_name               First Name
    family_name              Last Name
    groups                   memberOf

  9. Click Continue to Next Step.

    The Group Access window appears.

  10. Select the user groups that need access to the PingOne for Enterprise login page.

    Note - To allow access to all users, add Users@Directory.

  11. Click Continue to Next Step.

    The Review Setup window appears.

  12. Copy the idpid.

  13. Click Download to download the Signing Certificate.

  14. Click Save and Close.

  15. Go to My Applications and ensure that the Harmony SASE application is set to Enabled - Yes.

Step 2 - Configure the Harmony SASE Administrator Portal

  1. Log in to the Harmony SASE Administrator Portal with an administrator account.

  2. Go to Settings > Identity Providers.

  3. Click Add Provider.

    The Add identity provider pop-up appears.

  4. Select SAML 2.0 Identity Providers and click Continue.

  5. In the Sign in URL field, enter the Identity Provider Sign-in URL from your SAML Identity Provider.

    Identity Provider                               Sign in URL
    --------------------------------------------    ----------------------------------------------------------------------
    Generic SAML                                    Identity Provider Sign in URL
    Active Directory Federation Services (AD FS)    https://{{Your ADFS Domain}}/adfs/ls
    Auth0                                           Auth0 login URL
    OneLogin                                        SAML 2.0 Endpoint (HTTP) value
    PingOne                                         https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid={{idpid}}
    PingFederate                                    https://sso.{{Your PingFederate Domain}}.com/idp/SSO.saml2
    Rippling                                        Rippling IdP Sign-in URL
    JumpCloud                                       JumpCloud IDP URL
    Okta                                            Okta Sign on URL
    Google Applications                             SSO URL

  6. In the Domain Aliases field, enter the business domain names separated by commas or spaces.

  7. In the X509 Signing Certificate field, enter the X.509 signing certificate for the application from the SAML Identity Provider.

    If you have the signing certificate as PEM/CERT file, click Upload PEM/CERT File and select the file.

  8. Click Done.

Note - After the first successful authentication of a member with SAML, Harmony SASE does this:

  • Assigns the member with the appropriate role.

  • Adds the member to the groups related to Identity Provider.

  • Applies the relevant configuration profiles to the member.
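
The ACS URL, Entity ID and PingOne Sign in URL from Step 1 and Step 2 must agree on the workspace name and the idpid, and a leftover {{WORKSPACE}} placeholder or a mismatched connection name will break the SAML login. The Python check below is an added example, not part of the Harmony SASE or PingOne documentation; the workspace name acme, the idpid value and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample values (assumptions, not real tenant data).
WORKSPACE = "acme"
IDPID = "00000000-aaaa-bbbb-cccc-000000000000"

def expected_settings(workspace, idpid):
    """Fill the page's three templates from the workspace name and idpid."""
    conn = f"{workspace}-oc"
    return {
        "acs": f"https://auth.perimeter81.com/login/callback?connection={conn}",
        "entity_id": f"urn:auth0:perimeter81:{conn}",
        "sign_in_url": "https://sso.connect.pingidentity.com/sso/idp/SSO.saml2"
                       f"?idpid={idpid}",
    }

def query_value(url, name):
    """Return the first value of a query parameter, or '' if absent."""
    return parse_qs(urlsplit(url.strip()).query).get(name, [""])[0]

def check_settings(entered, workspace, idpid):
    """Return a list of problems in the values typed into the two portals."""
    want = expected_settings(workspace, idpid)
    problems = []
    for key, value in entered.items():
        if "{{" in value or "}}" in value:
            problems.append(f"{key}: template placeholder left in value")
        if value != value.strip():
            problems.append(f"{key}: leading or trailing whitespace")
    for key in ("acs", "sign_in_url"):
        got, ref = urlsplit(entered[key].strip()), urlsplit(want[key])
        if got.scheme != "https":
            problems.append(f"{key}: scheme is {got.scheme!r}, expected https")
        if got.hostname != ref.hostname or got.path != ref.path:
            problems.append(f"{key}: host or path differs from the template")
    if query_value(entered["acs"], "connection") != f"{workspace}-oc":
        problems.append("acs: connection is not <workspace>-oc")
    if entered["entity_id"].strip() != want["entity_id"]:
        problems.append("entity_id: does not match urn:auth0:perimeter81:<workspace>-oc")
    if query_value(entered["sign_in_url"], "idpid") != idpid:
        problems.append("sign_in_url: idpid differs from the one copied in Step 1")
    return problems

if __name__ == "__main__":
    # Constructed mistakes: http scheme, unreplaced placeholder, trailing space.
    typed = expected_settings(WORKSPACE, IDPID)
    typed["acs"] = typed["acs"].replace("https", "http").replace(WORKSPACE, "{{WORKSPACE}}")
    typed["sign_in_url"] += " "
    for line in check_settings(typed, WORKSPACE, IDPID):
        print(line)
```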