PingOne

This page provides example instructions for setting up an Authentication Server using SAML and PingOne with your InsightCloudSec Platform. Refer to PingOne for any details on using their product.

Prerequisites

Before getting started you will need to have the following

  • A functioning InsightCloudSec platform
  • Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
  • Administrative access for your PingOne account

To properly configure PingOne, both PingOne and InsightCloudSec need to exchange metadata. Be sure to follow all below steps thoroughly.

For questions or issues reach out to us through the Customer Support Portal.

Product name to be replaced

You may observe that some components, screen captures, or examples use our former product name, DivvyCloud. This doesn't affect the configuration or the product's functionality, and we will notify you as we replace these component names.

Configuring an Authentication Server Using SAML & PingOne"

Steps to Complete in InsightCloudSec (Part 1)

  1. To obtain the SP metadata, log into InsightCloudSec and navigate to Administration > Identity Management.
  2. From the Authentication Servers tab click on the Add Server button.
  3. Provide a nickname for your server and select SAML as the Server Type.
  4. Copy the Metadata Identifier URL. The Metadata Identifier URL will look something like this:
    https://<insightcloudsecbaseurl>/v3/auth/provider/saml/20/metadata/

Steps to Complete in PingOne

These steps assume that you have the required Metadata Identifier URL from the Create Authentication Server window in InsightCloudSec.

  1. Access your PingOne account.
  2. Click Applications > Add Application > New SAML Application.
  3. Configure the Application as follows:
    • Update the description, category, and application icon consistent with your environment.
  4. Click Continue to Next Step.
  5. Click Or use URL next to Upload Metadata.
  6. Import the Service Provider (SP) metadata into PingOne. Copy the Metadata Identifier URL from InsightCloudSec (see above -- part 1, step 4) and paste it into the Upload Metadata URL field. *All other necessary fields will auto-fill once this is done.
  7. Complete your Attribute Mapping.
    • Provide any application attribute(s) you would like to authenticate against. In this example, we have opted to use the Name ID / Username attribute.
    • Click Save & Exit. You'll be returned to the Applications page.
  8. Export metadata from PingOne (for import to InsightCloudSec).
    • Ensure the application is enabled.
    • Click the black arrow next to the application to expand the application details.
    • Click Download next to SAML Metadata to obtain the XML file needed to update InsightCloudSec.

Steps to Complete in InsightCloudSec (Part 2)

These steps assume you are still working from the Administration > Identity Management on the Authentication Servers tab with an active window to create a new SAML Authentication server.

  1. Open the XML file from PingOne to complete the form as required for your organization.

    • Select the Global Scope checkbox if you want to use this server across multiple InsightCloudSec Organizations. Learn more about Organizations.
    • Note the following fields are the minimum required (all subsequent fields will vary/are optional based on your environment and requirements):
      • IDP Entity ID/Metadata URL
      • SSO URL
      • IDP x509 Certificate

    For any fields labeled JIT, these options refer to our Just In-Time Provisioning capabilities, you can read details on these capabilities in our Just In-Time User Provisioning (Authentication Server Support) documentation.

  2. After completing the form as desired, click Submit to finalize the Authentication Server.