Ping Identity (SSO)
This document explains how to install and configure the Ping Identity app that provides Single Sign On (SSO) access to the TruSTAR Web App. The Ping App uses the SAML 2.0 standard to enable SSO. You can learn more about Ping's SAML documentation here (https://www.pingidentity.com/developer/en/index.html).
When using the Ping Identity App for SSO, Ping serves as the Identity Provider (IDP) and TruSTAR is the Service Provider (SP).
Setting up TruSTAR with Ping is a three-step process:
- Install the TruSTAR App for PingOne. (Note that this is different than the TruSTAR Web App.)
- Enable users in Ping.
- Enable users in the TruSTAR Web App.
Installing the TruSTAR App for PingOne
- In Ping, search for TruSTAR in the Search bar on the left.
- When you have located the TruSTAR App, click Add.
- Click the Applications tab in the top menu.You now see the TruSTAR App listed under My Applications.
- Click Add Application to display a dropdown menu and then select New SAML Application.
- Fill out the fields in the dialog box:
- Application Name: TruSTAR
- Application Description: TruSTAR Web App
- Category: Information Technology
- Application Icon (optional)
- Click Continue to Next Step. This displays a configuration dialog box.
- Click the I have the SAML configuration button.
- Fill in the fields on the dialog box as follows:
- Assertion Consumer Service (ACS): https://station.trustar.co/saml/SSO
- Entity ID: https://station.trustar.co/saml/metadata
- Application URL: https://station.trustar.co
- Click Continue to Next Step.
- Click Continue to Next Step.
- Download the SAML Metadata file
- Email TruSTAR Support to request activation:
- Email address: email@example.com
- Subject line format: <Your company name> - Ping metadata. For example: ABC Co - Ping metadata
- Body of email: Enter text requesting activation and also attach the downloaded metadata file to the email.
Your Ping SSO configuration will be enabled within two business days of TruSTAR receiving this email. TruSTAR will send you a confirmation and you can then proceed to enable users in Ping.
Enabling SSO in TruSTAR
Users must have an account with the TruSTAR Web App before you can enable SSO for them.
- Log in to the TruSTAR Web App using a Company Administrator account.
- Go to the User Account Management page. You can either paste this link in the browser tab https://station.trustar.co/settings/users or click User Settings in the Navigation Bar and choose Settings on the dropdown menu.
- For each user that you want to enable, click Edit (rightmost column in the table)
- Click SSO Enabled.
- Click Save User.
- Repeat steps 3-5 for each user in your company that you want to enable for Okta SSO.
Using the TruSTAR Ping App
On the user’s Ping hub, they can click the link at the bottom of the TruSTAR section that says “Click the link below to open the Single Sign-On page”.
Ping SSO does not impact or change API credentials. Usage of Python SDK or any other vendor integrations will remain unaffected when you switch a user from non-SSO to SSO-enabled.
Please reach out to firstname.lastname@example.org for any additional questions.