PingOne

Instructions for Configuration of PingOne as an Authentication Server with InsightCloudSec

This page provides example instructions for setting up an Authentication Server using SAML and PingOne with your InsightCloudSec Platform. Refer to PingOne for any details on using their product.

Prerequisites

Before getting started, you will need the following:

  • A functioning InsightCloudSec platform
  • Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
  • Administrative access for your PingOne account

Note: To properly configure PingOne, both PingOne and InsightCloudSec need to exchange metadata. Be sure to follow all of the steps below thoroughly.

For questions or issues reach out to us through the Customer Support Portal.

Value Names (DivvyCloud vs. InsightCloudSec)

Some components, screen captures, examples, and values use our former product name (DivvyCloud vs. InsightCloudSec). Updates to the naming of these components will be communicated when changes are made, but note that the name difference does not affect functionality within the product.

Configuring an Authentication Server Using SAML & PingOne

Steps to Complete in InsightCloudSec (Part 1)

1. To obtain the SP metadata, log into InsightCloudSec and navigate to "Administration --> Identity Management".

2. From the "Authentication Servers" tab click on the "Add Server" button.

Add an Authentication Server

3. Provide a nickname for your server and select "SAML" as the Server Type.

4. Copy the Metadata Identifier URL. The Metadata Identifier URL will look something like this:

  • https://divvycloudbaseurl.net/v3/auth/provider/saml/20/metadata/

Add Authentication Server - PingOne SAML Example

Steps to Complete in PingOne

These steps assume that you have the required Metadata Identifier URL from the "Create Authentication Server" window in InsightCloudSec.

1. Access your PingOne account.

2. Click "Applications --> Add Application --> New SAML Application".

3. Configure the Application as follows:

  • Update the description, category, and application icon consistent with your environment.
  • Note: While this example uses DivvyCloud, you can also use InsightCloudSec. Just ensure you are consistent in the naming throughout the process.

Example PingOne Application - Step 1

4. Click "Continue to Next Step".

5. Click "Or use URL" next to "Upload Metadata".

Example PingOne Application - Step 2

6. Import the Service Provider (SP) metadata into PingOne.

  • Copy the Metadata Identifier URL from InsightCloudSec (see above -- part 1, step 4) and paste it into the "Upload Metadata" URL field. All other necessary fields will auto-fill once this is done.

Example PingOne Application - Step 2 (Filled)

7. Complete your Attribute Mapping.

  • Provide any application attribute(s) you would like to authenticate against. In this example, we have opted to use the Name ID / Username attribute.
  • Click "Save & Exit". You'll be returned to the "Applications" page.

PingOne Attribute Mapping

8. Export metadata from PingOne (for import to InsightCloudSec).

  • Ensure the application is enabled.
  • Click the black arrow next to the application to expand the application details.
  • Click "Download" next to "SAML Metadata" to obtain the XML file needed to update InsightCloudSec.

Download PingOne Metadata

Steps to Complete in InsightCloudSec (Part 2)

These steps assume you are still working from "Administration --> Identity Management" on the "Authentication Servers" tab, with an active window to create a new SAML Authentication Server. We are resuming these instructions at Step #6.

5. Open the XML file from PingOne to complete the form as required for your organization.

  • Select the Global Scope checkbox if you want to use this server across multiple InsightCloudSec Organizations. Learn more about Organizations.
  • Note the following fields are the minimum required (all subsequent fields will vary/are optional based on your environment and requirements):
    • Idp Entity ID/Metadata URL
    • SSO URL
    • Idp x509 Certificate

Fields labeled "JIT" refer to our Just In-Time Provisioning capabilities. You can read details on these capabilities in our Just In-Time User Provisioning (Authentication Server Support) documentation.

Example InsightCloudSec SAML Authentication Form

6. After completing the form as desired, click "Submit" to finalize the Authentication Server.
