Configure PingFederate as a SAML source
Task 1: Create a PingFederate SAML Application
- In PingFederate, create a SAML Application.
- Under General Info, enter your InsightVM Security Console Entity ID URL in the Partner’s Entity ID (Connection ID) field.
- Under the Assertion Consumer Service (ACS) URL, paste your InsightVM Security Console ACS URL in the Endpoint field. If the ACS URL contains a hostname or fully qualified domain name (FQDN), set a Base Entity URL in the InsightVM Security Console.
- Under the Attribute Contract, add the following User Attribute names and select the proper format:
  - SAML_SUBJECT = nameid-format:emailAddress
  - Email = attrname-format:basic
- Download the PingFederate metadata XML file.
Task 2: Upload PingFederate metadata to InsightVM
- Log in to the InsightVM Security Console.
- Go to Administration.
- Under Console > Authentication, select 2FA and SSO.
- Click CONFIGURE SAML SOURCE.
- Click Choose File and select the PingFederate metadata XML file.
- Click Open.
- Save and restart the InsightVM Security Console service.
Task 3: Create users on the InsightVM console
- Log in to the InsightVM Security Console.
- Go to Administration > User Management > Add User.
- Fill out the required fields. Note that the email address is case sensitive and must exactly match the email of the existing identity provider user account.
- From the Authorization Method drop-down menu, select SAML.
- Select a User Role.
- Assign Site and Asset Group Permissions.
- Click Add.
Now, you can use the PingFederate SSO App Endpoint URL to authenticate to your InsightVM Security Console.
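If a login fails after setup, a decoded assertion can be compared with the Attribute Contract from Task 1 and the case-sensitive email rule from Task 3. The following Python is an added example, not Rapid7 or Ping Identity code: the function names and the sample assertion are constructed, the full URNs are the standard SAML identifiers behind the abbreviated formats above, and checking both SAML_SUBJECT and Email against the console user is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ATTR_BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed sample assertion (unsigned, placeholder values), for offline use.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">Jane.Doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>Jane.Doe@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def email_hint(field, got, expected):
    kind = "case differs" if got.lower() == expected.lower() else "value differs"
    return "%s: %r != console user %r (%s)" % (field, got, expected, kind)


def check_assertion(assertion_xml, console_email):
    """Return contract mismatches. Troubleshooting aid only: no signature check."""
    problems = []
    root = ET.fromstring(assertion_xml)
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None:
        problems.append("SAML_SUBJECT: no NameID in assertion")
    else:
        if name_id.get("Format") != NAMEID_EMAIL:
            problems.append("SAML_SUBJECT: Format is %r" % name_id.get("Format"))
        subject = (name_id.text or "").strip()
        if subject != console_email:  # exact, case-sensitive comparison
            problems.append(email_hint("SAML_SUBJECT", subject, console_email))
    attrs = {a.get("Name"): a for a in root.iterfind(".//saml:Attribute", NS)}
    email = attrs.get("Email")  # attribute name lookup is case-sensitive too
    if email is None:
        problems.append("Email: attribute not present in assertion")
    else:
        if email.get("NameFormat") != ATTR_BASIC:
            problems.append("Email: NameFormat is %r" % email.get("NameFormat"))
        value = (email.findtext("saml:AttributeValue", "", NS) or "").strip()
        if value != console_email:
            problems.append(email_hint("Email", value, console_email))
    return problems
```

An empty list means the assertion matches the contract for that console user; each returned string names the field that differs and whether only the letter case is different.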