PingOne

This page provides example instructions for setting up an Authentication Server using SAML and PingOne with your Cloud Security (InsightCloudSec) Platform. Refer to the PingOne documentation for details on using their product.

Prerequisites

Before getting started, you will need the following:

  • A functioning Cloud Security (InsightCloudSec) platform
  • Appropriate Cloud Security (InsightCloudSec) permissions (Domain Admin or Org Admin)
  • Administrative access for your PingOne account

To properly configure PingOne, both PingOne and Cloud Security (InsightCloudSec) need to exchange metadata. Be sure to follow all of the steps below thoroughly.

For questions or issues, reach out to us through the Customer Support Portal.

ℹ️

Product name to be replaced

You may observe that some components, screen captures, or examples use our former product name, DivvyCloud. This doesn’t affect the configuration or the product’s functionality, and we will notify you as we replace these component names.

Configuring an Authentication Server Using SAML & PingOne

Steps to Complete in Cloud Security (InsightCloudSec) (Part 1)

  1. To obtain the SP metadata, log into Cloud Security (InsightCloudSec) and navigate to Settings > User Management.
  2. From the Authentication Servers tab click on the Add Server button.
  3. Provide a nickname for your server and select SAML as the Server Type.
  4. Copy the Metadata Identifier URL. The Metadata Identifier URL will look something like this:
    https://<insightcloudsecbaseurl>/v3/auth/provider/saml/20/metadata/

Steps to Complete in PingOne

These steps assume that you have the required Metadata Identifier URL from the Create Authentication Server window in Cloud Security (InsightCloudSec).

  1. Access your PingOne account.
  2. Click Applications > Add Application > New SAML Application.
  3. Configure the Application as follows:
    • Update the description, category, and application icon consistent with your environment.
  4. Click Continue to Next Step.
  5. Click Or use URL next to Upload Metadata.
  6. Import the Service Provider (SP) metadata into PingOne. Copy the Metadata Identifier URL from Cloud Security (InsightCloudSec) (see Part 1, step 4 above) and paste it into the Upload Metadata URL field. All other necessary fields will auto-fill once this is done.
  7. Complete your Attribute Mapping.
    • Provide any application attribute(s) you would like to authenticate against. In this example, we have opted to use the Name ID / Username attribute.
    • Click Save & Exit. You’ll be returned to the Applications page.
  8. Export metadata from PingOne (for import to Cloud Security (InsightCloudSec)).
    • Ensure the application is enabled.
    • Click the black arrow next to the application to expand the application details.
    • Click Download next to SAML Metadata to obtain the XML file needed to update Cloud Security (InsightCloudSec).

Steps to Complete in Cloud Security (InsightCloudSec) (Part 2)

These steps assume you are still on the Authentication Servers tab under Settings > User Management, with the window for creating a new SAML Authentication Server still open.

  1. Open the XML file from PingOne to complete the form as required for your organization.

    • Select the Global Scope checkbox if you want to use this server across multiple Cloud Security (InsightCloudSec) Organizations. Learn more about Organizations.
    • Note the following fields are the minimum required (all subsequent fields will vary/are optional based on your environment and requirements):
      • IDP Entity ID/Metadata URL
      • SSO URL
      • IDP x509 Certificate

    Fields labeled JIT refer to our Just In-Time Provisioning capabilities. You can read details on these capabilities in our Just In-Time User Provisioning (Authentication Server Support) documentation.

  2. After completing the form as desired, click Submit to finalize the Authentication Server.