Configure PingFederate as a SAML source

Task 1: Create a PingFederate SAML Application

  1. In PingFederate, create a SAML Application.
  2. Under General Info, enter your InsightVM Security Console Entity ID URL in the Partner’s Entity ID (Connection ID) field.
  3. Under the Assertion Consumer Service (ACS) URL, paste your InsightVM Security Console ACS URL in the Endpoint field. If the ACS URL contains a hostname or fully qualified domain name (FQDN), set a Base Entity URL in the InsightVM Security Console.
  4. Under the Attribute Contract, add the following User Attribute names and select the proper format:
    1. SAML_SUBJECT = nameid-format:emailAddress
    2. Email = attrname-format:basic
  5. Download the PingFederate metadata XML file.

Task 2: Upload PingFederate metadata to InsightVM

  1. Log in to the InsightVM Security Console.
  2. Go to Administration.
  3. Under Console > Authentication, select 2FA and SSO.
  4. Click CONFIGURE SAML SOURCE.
  5. Click Choose File and select the PingFederate metadata XML file.
  6. Click Open.
  7. Save and restart the InsightVM Security Console service.

Task 3: Create users on the InsightVM console

  1. Log in to the InsightVM Security Console.
  2. Go to Administration > User Management > Add User.
  3. Fill out the required fields. Note that the email address is case sensitive and must match the existing identity provider user account email exactly.
  4. From the Authorization Method drop-down menu, select SAML.
  5. Select a User Role.
  6. Assign Site and Asset Group Permissions.
  7. Click Add.

You can now use the PingFederate SSO App Endpoint URL to authenticate to your InsightVM Security Console.