Configure PingOne SSO

You can configure PingOne ("Ping") SSO login to the Threat Command.

To configure Ping SSO, you must do the following:

• Download the Ping SSO certificate
• Configure the Threat Command to accept the Ping sign-in
• Configure Ping SSO to work with Threat Command

Download the Ping SSO certificate

Download the Ping certificate that is needed for the Threat Command.

Before you begin, ensure that you can access the Ping account as an administrator.

To download the Ping SSO certificate:

1. Log in to PingOne as an administrator.
2. Download the Ping certificate:
   1. From the Applications**** menu, select My Applications.
   2. Click Add Application, then search the application catalog for Rapid7.
   3. On the Rapid7 application line, click the right arrow. 
      
   4. Click Setup.
   5. From the SSO Instructions section, click Download.
      The pingone-signing.crt file is downloaded to the default location.
      You can rename this file.

Configure the Threat Command to accept the Ping sign-in

In the Threat Command, configure the Ping single sign-on (known as SAML single sign-on).

Before you begin, ensure that:

• You can access the Threat Command as an administrator.
• You can access the location to where the Ping certificate was downloaded.

To configure Ping:

1. Log in to Threat Command as an administrator.
2. From the Threat Command main menu, select Settings > Authentication. 
3. For Provider name, select ping :
   
4. Upload the ping certificate that was downloaded in the [previous section](#download-the-ping-sso-certificate.
5. In the Force logout section, set the maximum hours for a user session to remain valid. 
   After this time period, the user must sign in through their SSO to regain access to the Threat Command.
6. Click Save changes.

Configure Ping SSO to work with Threat Command

Configure PingOne so the SSO is accepted for the Threat Command.

Before you begin, ensure that you can access the Ping account as an administrator.

To configure Ping SSO:

1. If you are not already logged in, log in as an administrator.
2. From the SSO Instructions page, click Continue to Next Step.
   If you were logged out, you can get to the SSO Instructions section as described here.
3. On the Connection Configuration page, click Continue to Next Step.
4. On the Attribute Mapping page, in the Identity Bridge Attribute or Literal Value field, select Email :
   
5. Click Continue to Next Step.
6. On the PingOne App Customization - Rapid7 page, you can customize, then click Continue to Next Step.
7. On the Group Access page, you can select a group, then click Continue to Next Step.
8. On the Review Setup screen, review the details, then click Finish.
9. Initiate the first sign-in:
   1. Select the My Applications page, then click the Rapid7 application.
   2. On the My Applications > SAML page, copy the Initiate Single Sign-On (SSO) URL :
      
   3. Copy the URL to a blank browser window, then press Enter.
      A sign-in to the Threat Command is attempted.

If the sign-in succeeds, the SSO was set-up successfully.