In this article, we will walk you through setting up SAML SSO with PING Identity as the provider.
What you will need:
From PING:
- IssuerID
- Initiate Single Sign-on URL
- Ping Signing Certificate (.crt)
From Mobilize:
- https://<mobilizedomain>/users/auth/saml/callback
- https://<mobilizedomain>/users/auth/saml/metadata
Note: These domains must be linked to your community's current domain. If your domain updates, or if you are using a custom domain, the new domain must be reflected here.
Setting up SSO through PING Identity
1- Start setting up a new application for Mobilize SAML SSO
From Ping Security, head into your applications and click on add new application.
Select SAML.
From here, create a name like Mobilize SSO and click next.
2- Configure SAML connection
Enter this address, filling in your domain: https://<mobilizedomain>/users/auth/saml/callback
Next, download the signing certificate (.CERT) and remember the name you use to save this file. We will be using it later on.
In Entity ID, enter: https://<mobilizedomain>/users/auth/saml/metadata
Set Assertion Validity Duration to 60
In Target Application URL, enter: https://<mobilizedomain>/users/auth/saml/callback
4- Setting up your Certificate’s Fingerprint
Using a shell application like Mac’s Terminal, change to the directory that contains your Signing Certificate (.cert) file.
In the shell, run the following command:
openssl x509 -noout -fingerprint -sha1 -inform pem -in <signingcertificate.cert>
Replace <signingcertificate.cert> with the file’s name.
This will give you the fingerprint ID you need in Mobilize.
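The fingerprint from step 4 is the SHA-1 digest of the certificate's DER encoding, so it can also be computed and checked in Python. The sketch below is an added example, not part of the original article or of Mobilize or PING tooling. It accepts a PEM or DER file and compares the result with a pasted fingerprint; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

def cert_to_der(data: bytes) -> bytes:
    """Return DER bytes from certificate file content that is PEM or DER."""
    m = PEM_RE.search(data)
    if m is None:
        # No PEM armor: treat as binary DER (openssl would need -inform der).
        return data
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)

def fingerprint(data: bytes, algo: str = "sha1") -> str:
    """Digest of the DER encoding as colon-separated uppercase hex."""
    digest = hashlib.new(algo, cert_to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(pasted: str) -> str:
    """Drop an 'SHA1 Fingerprint=' style prefix, separators and case."""
    value = pasted.split("=", 1)[-1]
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()

def matches(data: bytes, pasted: str, algo: str = "sha1") -> bool:
    """True if the pasted fingerprint belongs to this certificate."""
    return normalize(fingerprint(data, algo)) == normalize(pasted)

# Constructed sample input: placeholder bytes, not a real certificate.
# The digest is taken over the raw DER bytes, so the mechanics are the same.
SAMPLE_DER = b"\x30\x82" + b"constructed placeholder, not a real certificate"
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER)
    + b"-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_PEM)
    print("SHA-1 fingerprint:", fp)
    print("Matches pasted value:", matches(SAMPLE_DER, "sha1 Fingerprint=" + fp))
```

To use it on the downloaded file, pass the file's bytes (opened in binary mode) to fingerprint() or matches().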
5- SAML Setup in Mobilize
On the Mobilize side of things:
First, head to the Authentication section from the Community Settings Menu.
Take the Fingerprint ID we just created and paste it into the Certificate Fingerprint ID field.
Then, from PING, take the Issuer ID and paste it into the Metadata URL field.
Take the Initiate Single Sign-On URL and paste it into the SSO target URL field.
3. Personalize Your Experience
Now, select the group you would like to use as the ‘main group’. This is the group all new members will be provisioned to. After selecting the group, you can also sync over any identity fields and link them to your user’s profile.
This is great for things like interests, locations, dates, etc.