05-27-2024 04:41 PM
In this article, we will explain how to integrate Cloudpath with PingIdentity as the Identity Provider (IdP) for SAML Authentication.
1. Create the Workflow on Cloudpath and add the required plug-ins except the SAML authentication plug-in. We will add that plug-in after completing the configuration on the PingIdentity (IdP) side, and then publish the Workflow.
2. Copy the Workflow URL (Enrollment portal URL) from the Advanced tab and keep it handy for use in later steps.
3. Go to the PingIdentity portal. Select Applications, then click the + sign to create a new SAML application for Cloudpath.
4. Enter the name of the application, add a description, choose SAML as the Application type, and click the Save button.
5. At this point, it will give us three options for SAML Configuration. Use the "Manually Enter" option to enter the ACS URL and the Entity ID of the Service Provider (SP), which in our case is the Cloudpath server. The ACS URL and SP Entity ID values are given in the next step.
6. In the ACS URL option, paste the Workflow URL we copied in Step 2 and append /samlAssertionConsumer to it, as shown in the following screenshot:
6. In the Entity Id option, enter the Cloudpath URL followed by /sp, as shown in the screenshot below, and click Save.
7. Next, go to the Configuration tab of the SAML app and download the metadata. This will be used to configure the SAML plug-in in the Cloudpath Workflow.
8. Now go to Cloudpath, edit the Workflow you created, add the “Authenticate to a Traditional authentication server” plug-in, and choose SAML.
9. Choose the IdP metadata type as XML and copy the metadata into the IdP metadata XML option.
10. Next comes the IdP Entity-Id. Go back to PingIdentity and open the Configuration tab where we downloaded the metadata; the “Issuer Id” shown there is the IdP Entity-Id. Enter it in the IdP Entity-Id option on Cloudpath.
11. In the SP Entity ID option, enter the same URL you entered as the Entity Id in Step 6.
12. Scroll down to SAML options and select "Exact" for the AuthN Context Comparison. This may change based on your requirements.
13. Leave all other settings at their defaults unless you want to customize the configuration for your requirements, then publish the Workflow and test it. The following screenshot of the Enrollment details tab shows a user who successfully completed the SAML authentication of the workflow:
Regards,
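
The following pre-flight check for Steps 6 and 9 to 11 is an added example, not part of the original article and not Cloudpath or PingIdentity code. It builds the ACS URL and SP Entity ID from the Cloudpath URLs and confirms that the IdP Entity-Id you are about to enter matches the downloaded metadata exactly. Assumptions: the PingIdentity "Issuer Id" equals the `entityID` attribute of the metadata, and all URLs, function names and the sample metadata are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample, not real PingIdentity output; the "certificate" is placeholder bytes.
_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/constructed-env-id">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/constructed-env-id/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def sp_values(workflow_url, cloudpath_url):
    """ACS URL and SP Entity ID as built in Step 6 (the SP Entity ID is reused in Step 11)."""
    return {"acs_url": workflow_url.rstrip("/") + "/samlAssertionConsumer",
            "sp_entity_id": cloudpath_url.rstrip("/") + "/sp"}

def inspect_idp_metadata(xml_text):
    """Pull out of the downloaded metadata the values Steps 9 and 10 depend on."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not SAML IdP metadata")
    certs = [c.text for kd in idp.iterfind("md:KeyDescriptor", NS)
             if kd.get("use") != "encryption"
             for c in kd.iterfind(".//ds:X509Certificate", NS) if c.text]
    return {"idp_entity_id": root.get("entityID"),
            # SHA-256 over the DER bytes, to compare with the signing certificate you expect
            "cert_sha256": [hashlib.sha256(base64.b64decode("".join(t.split()))).hexdigest()
                            for t in certs],
            "sso_locations": [s.get("Location", "") for s in idp.iterfind("md:SingleSignOnService", NS)]}

def preflight(xml_text, entered_idp_entity_id):
    """Return a list of problems; an empty list means the values are consistent."""
    info, problems = inspect_idp_metadata(xml_text), []
    if entered_idp_entity_id != info["idp_entity_id"]:  # entity IDs are compared exactly
        problems.append("IdP Entity-Id differs from entityID in metadata")
    if not info["cert_sha256"]:
        problems.append("metadata carries no signing certificate")
    problems += ["SSO endpoint is not HTTPS: " + u
                 for u in info["sso_locations"] if not u.startswith("https://")]
    return problems
```

Call `preflight()` with the contents of the metadata file from Step 7 and the value you plan to enter in Step 10; a trailing slash or stray whitespace in the Entity-Id is reported as a mismatch.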