PingOne

This page provides example instructions for setting up an Authentication Server using SAML and PingOne with your InsightCloudSec Platform. Refer to PingOne for any details on using their product.

Prerequisites

Before getting started you will need to have the following

• A functioning InsightCloudSec platform
• Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
• Administrative access for your PingOne account

Note: To properly configure PingOne, both PingOne and InsightCloudSec need to exchange metadata. Be sure to follow all below steps thoroughly.

For questions or issues reach out to us through the Customer Support Portal.

📘

Value Names (DivvyCloud vs. InsightCloudSec)

Some components, screen captures, examples, and values use our former product name (DivvyCloud vs. InsightCloudSec). Updates to the naming of these components will be communicated when changes are made, but note that the name difference does not affect functionality within the product.

Configuring an Authentication Server Using SAML & PingOne

Steps to Complete in InsightCloudSec (Part 1)

1. To obtain the SP metadata, log into InsightCloudSec and navigate to "Administration --> Identity Management".

2. From the "Authentication Servers" tab click on the "Add Server" button.

3. Provide a nickname for your server and select "SAML" as the Server Type.

4. Copy the Metadata Identifier URL. The Metadata Identifier URL will look something like this:

• https:/divvycloudbaseurl.net/v3/auth/provider/saml/20/metadata/

Steps to Complete in PingOne

These steps assume that you have the required Metadata Identifier URL from the "Create Authentication Server" window in InsightCloudSec.

1. Access your PingOne account.

2. Click "Applications --> Add Application --> New SAML Application".

3. Configure the Application as follows:

• Update the description, category, and application icon consistent with your environment.
• Note: While this example uses DivvyCloud you can also use InsightCloudSec, just ensure you are consistent in the naming throughout the process.

4. Click "Continue to Next Step".

5. Click "Or use URL" next to "Upload Metadata".

6. Import the Service Provider (SP) metadata into PingOne.

• Copy the Metadata Identifier URL from InsightCloudSec (see above -- part 1, step 4) and paste it into the "Upload Metadata" URL field. All other necessary fields will auto-fill once this is done.

7. Complete your Attribute Mapping.

• Provide any application attribute(s) you would like to authenticate against. In this example, we have opted to use the Name ID / Username attribute.
• Click "Save & Exit". You'll be returned to the "Applications" page.

8. Export metadata from PingOne (for import to InsightCloudSec).

• Ensure the application is enabled.
• Click the black arrow next to the application to expand the application details.
• Click "Download" next to "SAML Metadata" to obtain the xml file needed to update InsightCloudSec.

Steps to Complete in InsightCloudSec (Part 2)

These steps assume you are still working from the "Administration --> Identity Management" on the "Authentication Servers" tab with an active window to create a new SAML Authentication server. We are resuming these instructions at Step #6.

5. Open the XML file from PingOne to complete the form as required for your organization.

• Select the Global Scope checkbox if you want to use this server across multiple InsightCloudSec Organizations. Learn more about Organizations.
• Note the following fields are the minimum required (all subsequent fields will vary/are optional based on your environment and requirements):
  • Idp Entity ID/Metadata URL
  • SSO URL
  • Idp x509 Certificate

For any fields labeled "JIT", these options refer to our Just In-Time Provisioning capabilities, you can read details on these capabilities in our Just In-Time User Provisioning (Authentication Server Support) documentation.

6. After completing the form as desired, click "Submit" to finalize the Authentication Server.