Ping Identity (SSO)

Updated 4 days ago by Sachit Soni

SSO Overview

We are using SAML 2.0 standard to enable SSO with Ping. You can learn more about Ping's SAML documentation here (https://www.pingidentity.com/developer/en/index.html). For the purpose of our SSO implementation please keep in mind the following:

IDP - Identity Provider. In our implementation, Ping serves as the IDP. For other configurations please contact support@trustar.co

SP- Service Provider. In our implementation TruSTAR is the Service Provider.

Configuration

TruSTAR uses SAML 2.0 to provide SSO capabilities where Ping serves as the Identity Provider (IDP). 

Configuration of Ping SSO is a 3 step process. You will need a Ping Identity Administrator account to complete these steps.

Step 1 - Send TruSTAR the IDP Metadata XML

  1. Download the TruSTAR app from PingOne application network.
  2. Search for “TruSTAR” in the Search bar on the left and you should see TruSTAR app show up. Click on “Add” button.
  3. Click on “Applications” tab in the top menu.
  4. You should see the TruSTAR app listed under 'My Applications'. Navigate to 'Add Application' dropdown and select 'New SAML Application'
  5. Fill out the fields with the following:
    1. Application Name: TruSTAR
    2. Application Description: TruSTAR Station
    3. Category: Information Technology
    4. Application Icon (optional)
  6. Continue to Next Step for Application Configuration
    Use 'I have the SAML configuration' form
  7. Fill in the fields accordingly:
    1. Assertion Consumer Service (ACS): https://station.trustar.co/saml/SSO
    2. Entity ID: https://station.trustar.co/saml/metadata
    3. Application URL: https://station.trustar.co
  8. Continue to Next step
  9. Continue to Next step
  10. Download the SAML Metadata file and share with support@trustar.co to get enabled. Send the email request with the subject containing your company name and Ping Identity request (i.e ABC company - Ping metadata)
  11. Your Ping SSO configuration will be enabled within 2 business days of receiving this metadata file. We will send you a confirmation and you can then proceed to Step 2.

Step 2.a. - Enable SSO for existing user(s) on TruSTAR

You can follow these steps if a user already exists on TruSTAR. Go to Step 2.b. If you are creating a new user on TruSTAR and also want to enable SSO for them.

  1. Log into TruSTAR station (https://station.trustar.co) using a Company Administrator account.
  2. Go to User account management page. You can either paste this link in the browser tab https://station.trustar.co/settings/users , or click on username tab (top right) -> Settings-> Users.
  3. For each user that you want Ping SSO enabled click on the “Edit” (rightmost column in the table)
    1. Then click on “SSO Enabled” and “Save User” button.
After you enable SSO for a specific user they will no longer be able to use their username/password to log into TruSTAR Station. If you disable SSO for a user they will automatically be sent a system generated password reset email.
Repeat #2 for all users in your company you want SSO enabled.

Step 2.b. - Enable SSO for new user(s) on TruSTAR

  1. Log into TruSTAR station (https://station.trustar.co) using a Company Administrator account.
  2. Go to User account management page. You can either paste this link in the browser tab https://station.trustar.co/settings/users , or click on username tab (top right) -> Settings-> Users.
  3. Click on “Add Users” button.
  4. Create the new user. Use the same email address as the one used for their Ping login/SSO.
  5. Click on Save User.
  6. Click on Send Confirmation link for that user. You can find this under Status column.
  7. After the user activates their account, you can follow instructions in Step 2.a.

Using the TruSTAR Ping App

Login with Ping. On the user’s ping hub, they should click the link at the bottom of the TruSTAR section that says “Click the link below to open the Single Sign-On page” (see attached screenshot)

FAQ

Ping SSO does not impact your API credentials. They will remain unchanged. Usage of Python SDK or any other vendor integrations will remain unaffected when you switch a user from non-SSO to SSO enabled.

Please reach out to support@trustar.co for any additional questions.


How Did We Do?