Ping Identity Integration
LoginRadius allows your team members to log in to the LoginRadius Admin Console using their Ping Identity accounts. Using the federated SAML protocol, you can create a Single Sign-On (SSO) workflow between the Ping Identity application and the LoginRadius Admin Console.
Configuring SAML settings in the Ping Identity application
- Log in to your Ping Identity dashboard.
- Click on the Add a SAML App or Connections option on the Home Page.
- It will open the default apps provided by Ping Identity.
- Click on the + icon at the top to add a new service/application.
- Select Advance Configuration to create a new SAML app and click Configure.
- On the next screen, add the Application Name, Description, and icon image.
- On the next page, under the Configure SAML Connection section, select the Manually Enter option to add the app metadata.
- Enter the Assertion Consumer Service (ACS) URL as `https://lr.hub.loginradius.com/saml/serviceprovider/SpInitiatedACS.aspx`.
- Leave the SIGNING KEY, SIGNING ALGORITHM, and Encryption as default.
- In ENTITY ID, enter `https://lr.hub.loginradius.com/`.
- Under SLO ENDPOINT and SLO RESPONSE ENDPOINT, enter `https://adminconsole.loginradius.com/logout` and `https://adminconsole.loginradius.com/dashboard` respectively.
- Under SUBJECT NAMEID FORMAT, enter `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`.
- The Assertion validity duration is the maximum amount of time (in seconds) that an assertion is valid.
- The Target application URL is required by some applications as the target URL. Enter `https://accounts.loginradius.com/` in it. The application URL is passed in the RelayState parameter in the SAML response.
- Leave Enforce signed Authn request and Verification certificate as default.
- Click Save and Continue.
- In attribute mapping, select the PingOne user attributes and map each one to the same attribute in the LoginRadius Admin Console (reference screenshots are attached at the end of this section).
- After filling this in, click Save and Close.
- For other details and attributes, refer to the LoginRadius SAML document. See the below screenshot for your reference:
- Once all the settings are saved, the application will appear on the home page. You need to enable user access with the toggle button to make it active.
- You can download the METADATA as mentioned in the below screenshot, as it is required when filling in the LoginRadius Admin Console.
Configuring LoginRadius Admin Console
- Log in to your LoginRadius Admin Console.
- Navigate to your team management section in LoginRadius Admin Console from here.
- Click on SAML under the Single Sign-On tab.
- Fill in the form as follows:
- Select the Service Provider Initiated Login flow from Login Flow.
- In ID Provider Binding, enter `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`.
- In ID Provider Location, enter the IdP-Initiated Login URL, which you will get from the Ping Identity app dashboard or metadata file.
- In ID Provider Certificate, enter the Ping Identity SAML value. You can get this from the metadata XML downloaded above. You must format it in the correct format using the online tool.
- Enter LoginRadius' Certificate and Key in SERVICE PROVIDER CERTIFICATE and SERVICE PROVIDER CERTIFICATE.
  Note: Certificate and Key can be generated using online tools, with Bits and Digest Algorithm set to 2056 and SHA256 respectively.
- For DATA MAPPING, select the LoginRadius' fields (SP fields) and enter the corresponding Ping Identity, e.g.

Fields | Profile Key |
---|---|
saml_subject |

Note: The value of the key and the name field on the Ping Identity should be the same. If not, it will not return the value.
- Once all the required fields are completed, scroll down and hit Add.
- Make sure that the email address used for sign-in in Ping Identity is added as a team member in the Team management section so that it can access the LoginRadius Admin Console.