Skip to main content

Search

Journey by Forj Support Center

Setup SSO using PING (SAML)

Harrison
  • Updated

In this article, we will be walking you through setting up SAML SSO through PING Identity as a provider

What you will need:

 

From PING:

  • IssuerID
  • Initiate Single Sign-on URL
  • Ping Signing Certificate (.crt)

From Mobilize:

Note: These domains must be linked to your community's current domain.  If your domain updates or if you are using a custom domain- the new domain must be reflected here.

 

Setting up SSO through PING Identity

 

1- Start setting up a new application for Mobilize SAML SSO

From Ping Security head into your applications and click on add new application

 

 

Selecting SAML

 

 

From here, create a name like Mobilize SSO and click next

[photo]

 

 

2- Configure SAML connection

 

 

Enter in this address filing in your domain- https://<mobilizedomain>/users/auth/saml/callback

 

Next, download the signing certificate (.CERT) and remember the name you use to save this file, we will be using this later on.

 

 

 

In Entity ID enter-  https://<mobilizedomain>users/auth/saml/metadata

 

Set Assertion Validity Duration to 60

 

In Target Application URL https://<mobilizedomain>users/auth/saml/callback

 

 

4- Setting up your Certificate’s Fingerprint

Using a shell application like Mac’s Terminal, select the directory and locate your Signing Certificate (.cert) file.  

 

In the shell run the following command-

 openssl x509 -noout -fingerprint -sha1 -inform pem -in <signingcertificate.cert>

 

Replacing <signingcertificate.cert> with the file’s name

 

This will give you the fingerprint ID you need in Mobilize.

 

 

5-  SAML Setup in Mobilize

 

On the Mobilize side of things

 

First head to the Authentication section from the Community Settings Menu-

2022-11-22_10-28-01.png

 

 

We are going to be taking the Fingerprint ID we just created and paste it into the Certificate Fingerprint ID field

 

 

Then, from PING, take the Issuer ID  and paste it in the  Metadata URL field

 

Take the Initiate Single Sign-On URL and paste it into the SSO target URL

 

 

3. Personalize Your Experience

 

Now, select the group you would like to use as the ‘main group’.  This is the group all new members will be provisioned to.  After selecting the group, you can also sync over any identity fields and link them to your user’s profile.  

 

This is great for things like interests, locations, dates, ect.

Comments

0 comments

Article is closed for comments.