• Home
• Login with External IDP
• PingOne Single Sign-On

Configure PingOne as SAML or OAuth IDP for SSO

---

miniOrange Identity Broker service solution enables cross protocol authentication. You can configure PingOne as an IDP for Single Sign-On (SSO) into your applications/websites. Here, PingOne will act as an Identity Provider (IDP) and miniOrange will act as a broker.

We offer a pre-built solution for integrating with PingOne, making it easier and quick to implement. Our team can also help you set up PingOne as SAML or OAuth IDP to login into your applications.

1. Configure miniOrange as SP in PingOne

Mentioned below are steps to configure PingOne as IDP via SAML and OAuth configuration. Follow the steps accordingly based on your requirement (SAML or OAuth).

• SAML
• OAuth

• Go to miniOrange Admin console and navigate to Identity Providers in the left navigation menu. Then, click on Add Identity Provider button.



• In Choose Identity Provider, select SAML from the dropdown.



• Search for PingOne in the list. If you don’t find it, search for SAML Provider and set up your application there.



• Now click on the Click here link to get miniOrange metadata as shown in Screen below.



• For SP -INITIATED SSO section, select Show Metadata Details.



• Then, click on Download Metadata.



• Log in to PingOne Admin.
• Go to Application >> Add Application. Click on New SAML Application.



• Enter the application details and click on Continue to Next Step.
  Application Name, Application Description, and Category are required fields. For logos and icons, PNG is the only supported graphics format.



• You can also upload the metadata in the option given on this step.



• After the SP metadata is filled in, please download the SAML metadata from here(refer above image) and click on Continue to Next Step.
• You can view or edit the claims sent in the SAML token to the application on this step.




• Click on Continue to Next Step to assign groups else click on Save & Exit to save the settings.

• Login to your Ping Federate User Admin dashboard.
• Click on the OAuth Server in the left navigation menu.
• Under Clients, click on Create New.



• Enter the Client ID, Name and Description. Select Client Secret in Client Authentication and click on Generate Secret. Take a note of your Client ID & Client Secret.



• To get the Redirect URL:
• Go to miniOrange Admin Console.
• From the left navigation bar select Identity Providers >> click Add Identity Provider.



• In Choose Identity Provider, select OAuth/OpenID from the dropdown.



• Search for PingOne in the list. If you don’t find it, search for OAuth Provider and set up your application there.



• Keep the OAuth Callback URL as Redirect URL, required for next step.



• Back in Ping Federate, copy the Redirect/Callback URL and enter it in Redirect URIs field and click on Add. Select the Authorization Code grant type and click on Save.



• You have successfully completed your Ping Federate App OAuth configurations.

2. Configure PingOne as IDP in miniOrange

• SAML
• OAuth

• Return to the miniOrange Admin Console (you should have kept it open from Step 1).
• Click on Import IDP metadata.



• Choose an appropriate IDP name. Browse for the file downloaded from PingOne.
• Click on Import.



• As shown in the below screen the IDP Entity ID, SAML SSO Login URL and x.509 Certificate will be filled from the Metadata file we just imported.



• Click Save.

• Return to the miniOrange Admin Console (you should have kept it open from Step 1).
• Enter the following values.

Display Name	Enter appropriate Name
Client ID	From step 1
Client secret	From step 1
Authorization Endpoint	https://{your-base-url}/as/authorization.oauth2
Token Endpoint	https://{your-base-url}/as/token.oauth2
User Info Endpoint (optional)	https://{your-base-url}/idp/userinfo.oauth2
Scopes	auto





Click on Save.

3. Test Connection

• Visit your Login Page URL.
• Go to Identity Providers tab.
• Search for your app, click the three dots in the Actions menu, and select Test Connection against the Identity Provider (IDP) you configured.



• On entering valid PingOne credentials (credentials of user assigned to app created in PingOne), you will see a pop-up window which is shown in the below screen.



• Hence your configuration of PingOne as IDP in miniOrange is successfully completed.

Configure Attribute Mapping

• Go to Identity Providers.
• Click the three dots in the Actions menu, and select Attribute Mapping against the Identity Provider (IDP) you configured.

• Attribute Type - USER
• Attribute Type - EXTERNAL

Maps information, such as email and username, during Just-In-Time (JIT) user creation. Email and Username attributes are necessary to create the user profile.

• Click on the + Add Attribute button to add the attribute fields.



• Check the attributes in the Test Connection window from the previous step. Choose any attribute names you want to send to your application under Attribute Name sent to SP.
• Enter the values of the attributes coming from IdP into the Attribute Name from IdP field on the Xecurify side.

EXTERNAL mappings help alter incoming attribute names before sending them to apps, ensuring that the data is in the correct format.

• Click on the + Add Attribute button to add the attribute fields.



• Check attributes in test connection window from last step. Enter the attribute names (any name) that you want to send to your application under Attribute Name sent to SP.
• Enter the value of attributes that are coming from IdP into the Attribute Name from IdP field on the Xecurify side.

External References

• What is Identity Brokering?
• What are the factors that make miniOrange a desirable choice?
• What is IAM? Know more about IAM and it Solution