Configure PingFederate as a SAML source

Task 1: Create a PingFederate SAML Application

  1. In PingFederate, create a SAML Application.
  2. Under General Info, enter your Vulnerability Management (InsightVM) Security Console Entity ID URL in the Partner’s Entity ID (Connection ID) field.
  3. Under the Assertion Consumer Service (ACS) URL, paste your Vulnerability Management (InsightVM) Security Console ACS URL in the Endpoint field. If the ACS URL contains a hostname or fully qualified domain name (FQDN), set a Base Entity URL in the Vulnerability Management (InsightVM) Security Console.
  4. Under the Attribute Contract, add the following User Attribute names and select the proper format:
    1. SAML_SUBJECT = nameid-format:emailAddress
    2. Email = attrname-format:basic
  5. Download the PingFederate metadata XML file.

Task 2: Upload PingFederate metadata to Vulnerability Management (InsightVM)

  1. Log in to the Vulnerability Management (InsightVM) Security Console.
  2. Go to Administration.
  3. Under Console > Authentication, select 2FA and SSO.
  4. Click CONFIGURE SAML SOURCE.
  5. Click Choose File and select the PingFederate metadata XML file.
  6. Click Open.
  7. Save and restart the Vulnerability Management (InsightVM) Security Console service.

Task 3: Create users on the Vulnerability Management (InsightVM) console

  1. Log in to the Vulnerability Management (InsightVM) Security Console.
  2. Go to Administration > User Management > Add User.
  3. Fill out the required fields. Note that the email address is case-sensitive and must match the existing identity provider user account email exactly.
  4. From the Authorization Method drop-down menu, select SAML.
  5. Select a User Role.
  6. Assign Site and Asset Group Permissions.
  7. Click Add.

You can now use the PingFederate SSO App Endpoint URL to authenticate to your Vulnerability Management (InsightVM) Security Console.