Skip to main content

Set up SAML SSO with PingOne

This page applies to:MindTouch Responsive

PingOne logo

 This article reviews how MindTouch supports SAML SSO with Ping Identity's PingOne SAML SSO service.
 

PingIdentity's PingFederate is not supported at this time. The following information   is intended to supplement a PingOne administrator's expertise. It is assumed that future PingOne updates may change the accuracy of this documentation.

 

Prerequisites


How to set up MindTouch SAML SSO in PingOne


MindTouch SAML SSO is already available in PingOne's application catalog. Follow the steps below to configure MindTouch to be accessed via SAML SSO: 

Step 1: Add the MindTouch SAML SSO app 

To add MindTouch SAML SSO to your  application dock, perform the following steps:

  1. Log into PingOne.
  2. Navigate to Applications > My Applications > Search Application Catalog.
  3. Search for "mindtouch" and add the MindTouch application. If two applications are shown (Basic SSO and SAML), be sure to choose the SAML application.

Screenshot of add application screen in PingOne

Step 2: Download the IdP SAML metadata 

In the Application Configuration page, download the PingOne IdP SAML metadata.

Screenshot of downloading PingOne metadata

Step 3: Configure for SAML SSO in MindTouch 

In MindTouch,  navigate to Site tools > Control panel > Authentication > Single Sign-On > SAML:

Step 4: Configure PingOne settings 

There are two approaches you may take to configure the SAML SSO settings in PingOne: (1) Automated by uploading the MindTouch federation metadata document or (2) Manually by entering information into the fields.

(1) Automatically import configuration information

  • To automate the SAML SSO configuration, upload the federation metadata document downloaded in Step 3.

Screenshot of uploading metadata in PingOne

If your MindTouch site is not behind a VPN or IP-restriction rules, you can provide PingOne with the URL to your MindTouch site's Federation Metadata XML Document: https://example.com/@app/saml/metadata. Otherwise, you may navigate to this URL directly, download the content and upload to PingOne.

  • Review the auto-configured settings and provide any missing information (see section below).
     

(2) Manually enter configuration information

  • Fill out the PingOne application configuration as described below:

Screenshot of PingOne configuration

  • Replace ${hostname} and example.com with the hostname of your MindTouch site.
  • Upload your SP certificate to the Verification Certificate field.

Step 5: Map attributes

Attributes allow you to map your PingOne identity bridge records to SAML SSO assertion attributes. For more information about how MindTouch uses these attributes, see our technical notes on SAML SSO. Note that the name of the group synchronization attribute is always Group if using the PingOne MindTouch SAML SSO application.

Screenshot of PingOne attribute mapping
 

Need more help?


If you are interested in setting up SSO with PingOne and have further questions, don't hesitate to reach out to our Support team.