¶ Ping Identity SAML SSO Integration
Exium’s Intelligent Cybersecurity Mesh provides secure access to distributed workforce and IoT devices, protecting businesses from malware, ransomware, phishing, denial of service, and botnet infections in one easy to use cloud service.
Ping Identity Exium integration handles users seamless access to Exium. Administrators can easily attach Exium security policy groups to Ping Identity users. Unique features of this integration are
- Simple steps to integrate Ping Identity API with Exium
- Push New Users from Ping Identity to Exium
- Push User Deactivation from Ping Identity to Exium
- Reactivate Users from Ping Identity to Exium
- Single sign-on from Ping Identity to sign-on to Exium
This note explains how to configure Ping Identity Exium application settings and Exium Workspace settings so that Ping Identity Users can be synced with Exium Workspace in real time and SSO from Ping Identity can be used to sign-on to Exium Service.
Following steps elaborate Ping Identity SAML2 API Integration with Exium
¶ 1. Select Ping Identity as Sign-in Option on Exium
As a first step, configure Ping Identity as Sign-in Type. Follow below steps.
- Navigate to the MSP admin console → Companies
- Click on Integrations → SCIM/SAML SSO
- Select PingIdentity as Sign-In Type
- Copy ACS URL (Reply URL) and Entity ID (Identifier) one after other to paste in Ping Identity as explained in next step.
Warning: Ensure that the Entity ID from the Exium portal is entered as the Entity ID in the Ping Identity Exium app, and the ACS URL is set correctly as the ACS URLs. Swapping these values will result in an SAML error when users attempt to sign in to Exium.
¶ 2. Create Exium app on Ping Identity
As a next step, you need to create Exium app on Ping Identity console. You can create Exium app on one of your existing environment or optionally you can create a new environment.
¶ 2.1 Create New Environment (Optional Step)
If you already have an existing environment which you want to use to create Exium app, you can skip this step.
If you want to create a new environment for Exium app, you can do so by following below steps
- Login to your Ping Identity Console
- Click on + icon next to Environments as shown below
- Click on Customer solution and click on Next as shown below
- Click on Next as shown below
- Enter Environment Name and Click on Finish button as shown below.
¶ 2.2 Create Exium application
Follow below steps to create Exium application under one of the environments.
- Under Environments page, Click on the Options (3 dots) next to the selected environment
- Select Mange Environment from dropdown as shown below
- From left navbar, select Applications under Applications
- Click on + icon next to Applications as shown below
- Fill the Application Name
- Select SAML Application and Click on Configure button as shown below
- Select Manually Enter under Provide Application Metadata
- Paste ACS URLs and Entity ID which are copied on step 1
- Click on Save as shown below
Warning: Ensure that the Entity ID from the Exium portal is entered as the Entity ID in the Ping Identity Exium app, and the ACS URL is set correctly as the ACS URLs. Swapping these values will result in an SAML error when users attempt to sign in to Exium.
¶ 2.3 Add Attribute Mapping
As a next step, some attributes like email and given name should be mapped from Ping Identity to Exium App. Follow below steps to create this mapping
- On App description tab, Click on Attributes as shown below
- Change saml_subject attribute as Email Address.
- Click on +Add button to create new attribute mapping
- Enter givenname as attribute and select Given Name as PingOne Mapping
- Click on Save as shown below
- Enable the app by switching it ON
- Click on Overview and Click on copy icon next to IDP Metadata URL as shown below. This is required to be pasted Exium admin console in next step.
¶ 3. Update Metadata XML on Exium Portal
As a next step, Sign-in option on Exium Portal has to be saved by filling-in IDP Metadata XML URL. The metadata xml url is copied from Ping Identity console on previous step.
On Exium admin console On SCIM/SAML SSO Page, Paste IDP Metadata XML URL and click on Save as shown below.
¶ 4. Add Users to Exium App on Ping Identity
As a next step, you can assign users to Exium app by following below steps
- On Ping Identity console, Click on Users under Directory
- Click on + button to next to Users
- Enter Given Name , Family Name, Username and Email and Click on Save as shown below
¶ 5. Verify SSO on Exium Service URL
If you are part of admin group, you can access admin console through SSO. you can enter your workspace name on service portal by entering the workspace name. Browser opens one more tab for Ping Identity authentication. (Note: Some browsers block popups. You need to allow the popup to allow one more tab to be opened to take Ping Identity authentication).
After successful authentication, it’ll show the message that “User is successfully Verified.” You can close the tab, then you’ll be in admin console in the original tab where you have entered workspace name. If the SSO verified user is not part of admin user, it gives an error that you don’t have access.
If you have any issue during integration, contact us at support@exium.net or raise a ticket on https://exium.net/help-center/
If you would like to see how Exium can help defend your organisation, contact us at hello@exium.net