This article reviews how MindTouch supports SAML SSO with Ping Identity's PingOne SAML SSO service.
Ping Identity's PingFederate is not supported at this time. The following information is intended to supplement a PingOne administrator's expertise. Future PingOne updates may affect the accuracy of this documentation.
- Admin access to MindTouch
- Admin access to PingOne
- Understand how enabling SAML SSO may affect your implementation or workflows
- Working knowledge of SAML SSO and SLO scenarios
- Understand SAML SSO features supported for PingOne
How to set up MindTouch SAML SSO in PingOne
MindTouch SAML SSO is already available in PingOne's application catalog. Follow the steps below to configure MindTouch to be accessed via SAML SSO:
Step 1: Add the MindTouch SAML SSO app
To add MindTouch SAML SSO to your application dock, perform the following steps:
- Log into PingOne.
- Navigate to Applications > My Applications > Search Application Catalog.
- Search for "mindtouch" and add the MindTouch application. If two applications are shown (Basic SSO and SAML), be sure to choose the SAML application.
Step 2: Download the IdP SAML metadata
In the Application Configuration page, download the PingOne IdP SAML metadata.
Step 3: Configure for SAML SSO in MindTouch
In MindTouch, navigate to Site tools > Control panel > Authentication > Single Sign-On > SAML:
Step 4: Configure PingOne settings
There are two approaches you may take to configure the SAML SSO settings in PingOne: (1) automatically, by uploading the MindTouch federation metadata document, or (2) manually, by entering information into the fields.
(1) Automatically import configuration information
- To automate the SAML SSO configuration, upload the federation metadata document downloaded in Step 3.
If your MindTouch site is not behind a VPN or IP-restriction rules, you can provide PingOne with the URL to your MindTouch site's Federation Metadata XML Document: https://example.com/@app/saml/metadata. Otherwise, you may navigate to this URL directly, download the content and upload it to PingOne.
- Review the auto-configured settings and provide any missing information (see section below).
(2) Manually enter configuration information
- Fill out the PingOne application configuration as described below:
Replace example.com with the hostname of your MindTouch site.
- Upload your SP certificate to the Verification Certificate field.
Step 5: Map attributes
Attributes allow you to map your PingOne identity bridge records to SAML SSO assertion attributes. For more information about how MindTouch uses these attributes, see our technical notes on SAML SSO. Note that the name of the group synchronization attribute is always Group if using the PingOne MindTouch SAML SSO application.
Need more help?
If you are interested in setting up SSO with PingOne and have further questions, don't hesitate to reach out to our Support team.