Follow

PingOne SAML

This article will detail how you can use PingOne SAML with your FTP Today account.

You will need two browser windows/tabs for these steps.

Create the Identity Service at FTP Today

Log into your FTP Today Site.  Navigate to Settings…Authentication…Identity Service. Click on Add Service.

image001.png

Enter a name for the New Service and select “Ping Identity SAML” as the provider and Save.

image002.png

Create the Application at Ping

Locate the Redirect URL and Logo Download.

image003.png

Log into Ping, select Connectionss and Add application

image004.png

 

Select Web App and Configure for SAML.

image005.png

 

Enter a name and description for the application. Download the logo from your FTP Today Site and upload to Ping. Then select Next.

image006.png

Copy the ACS URL and Entity ID to Ping. Select Sign Assertion & Response, enter 60 for Assertion Validity Duration and select Save and Continue.

image007.png

 

Select Username for the PingOne User Attribute to be provided as the saml_subject, then Save and Close

image008.png

Enable the application for user access.

image009.png

 

Configure the Identity Service at FTP Today

In the PingOne portal, select Configuration for the App you created. Locate the IdP Metadata URL.

image010.png

On your FTP Today Site, select “I want to use a Metadata URL to set this configuration.”, copy the IdP Metadata URL from PingOne and Save.

image011.png

 

 

Assign the user to the application at Ping Identity

Not required.

Add the user at FTP Today

In your FTP Today site, navigate to the Users area and select Add User.

image012.png

 

 

Enter the username as set up in the Ping Identity service and select the identity service you created.  Complete the rest of the fields as needed and Save.

image013.png

Ping Identity supports an advanced security feature that offers further user verification. You may register the user with a unique identifier from Ping Identity.  In addition to matching the User Name to identify the user, we will match the Ping Identity User ID for that user.  Ping Identity must be configured to provide the User ID Value.

Select Attribute Mappings, then Edit.

image014.png

Select Add Attribute and PingOne Attribute.

image015.png

Select User ID as the PingOne User Attribute, enter “userid” as the Application Attribute, check Required and Save.

image016.png

Navigate to the user at Ping Identity, select API and locate the User ID.

image017.png

Paste the Ping Identity User ID into the IdP User Unique Identifier and Save.

image018.png

 

If the user already exists in your FTP Today site, you may change these settings on the Authentication tab for the user.

 


                User access through FTP Today

Navigate to the site and enter the username and click Next.

image019.png

 

There will be a brief “Authenticating” message. 

image020.png

If the user does not have an open session with Okta, they will have to authenticate.

 

image021.png

The user will now be logged into your FTP Today Site.

User access at Ping Identity

Ping Identity does not provide this feature.

 

Ending the session

When done, the user may log out of the FTP Today site or allow the session to expire.  This will not log the user out of Ping Identity or any other services authenticated through Ping Identity. 

Ping Identity does not support Global Logout for authenticated applications. Logging out of Ping Identity directly will not log the user out of the FTP Today; The normal session timeout will apply.

The session timeout on the FTP Today Site may log the user out of the site even if they are still logged in at Ping Identity.  In that case, after entering their username they will be immediately authenticated to the site.

Encrypting the SAML response

This is an advanced setting required for FIPS compliance. At your FTP Today Site, navigate to the Identity Service, toggle the “Encrypt Assertion” to on and Save.

image022.png

You will now see an Encryption Certificate link near the page bottom. Download and save the Certificate.

image023.png

 

At your Ping Identity site, navigate to the FTP Today application you created. Select Configuration and select Edit.

image024.png

 

Expand SAML SETTINGS. Under ENCYPTION, check Enable Encryption, select AES_256 for ALGORITHM. Download the certificate from your FTP Today site and upload to Ping Identity. Then Save.

image025.png

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.