Docs

SSO with PingOne

Suggest Edits

Netography Fusion Configuration

Netography’s SAML and your Identity Provider settings need to be configured in parallel. To start, log in to your Netography account as an administrator.

  1. Navigate to Settings > Global Security/SSO and enable SAML Single Sign-on:
  2. Make a copy of the Assertion consumer service (ACS) URL in the SAML Single Sign-On Settings page that appears. This be needed as input into PingOne later.

PingOne Walkthrough

  1. Navigate to Directory > Populations.

Create a new Population.

  1. Create a population for each role you want to your users to use. The example image below creates a population for administrators. In this example, the Population Name is Neto_admin.

  1. Click Save.
    PingOne will display auto-created information for the new Population.
    Make note of the Population ID. This value will be used later when configuring the attribute mappings in the Netography Fusion Portal.

  1. [Optional] Repeat process for additional roles, such as readonly.

Create a new SAML v2.0 application.

  1. Navigate to Applications > Applications and click the plus icon button to add a.
  1. Name this application Netography and choose SAML Application as the Application Type.

  1. Click Configure.

  2. Select / Enter the following details:

    1. Metadata: Manually Enter
    2. ACS URLs: https://idm.netography.com/auth/realms/netography/broker/<shortname>/endpoint
    3. Entity ID: https://idm.netography.com/auth/realms/netography

  1. Click Save.
  2. Click the Attribute Mappings tab.
  3. Click the edit icon.

**Fill out the attribute mappers. These will be used to populate the user information in Netography. Of particular importance is the "group" mapping which will link the the population (role) created above. The following fields can be use:

* saml\_subject - User ID (required - do not change)

* email - Email Address (required)

* firstName - Given Name (required)

* lastName - Family Name (required)

* nickname - Nickname (optional)

* phoneNumber - Primary Phone (optional)

* jobTitle - Title (optional)

* pictureUrl - Photos Link (optional)

* group - Population ID (required)


  1. Click Save

  2. Obtain the XML Metadata file. Click the Overview tab, then Download Metadata.

  3. Finally, click the toggle switch to enable the SAML Application

🚧 Do not forget to assign users to your new Populations.

Netography Fusion Post-Configuration

  1. Return to the Netography portal, navigate to Global Security/SSO -> SAML Single Sign-on, and upload the metadata file into the Metadata File field.

  1. Click Next.
  2. Now configure the User attribute mappers to match the mapper values configured in Auth0 above:


  1. Click Next.
  2. Configure the Default user role and role mappers:
    1. Default user role: This is the role an IDM-authenticated user will default to if the role mappings are not found in the SAML exchange. For security purposes, we recommend setting this value to "readonly", but you may want to set this to "admin" as you are testing your configuration.
    2. Admin role mappers: Configure these according to the screenshot below. The SAML Attribute Value will be your specific Population ID.


  1. Click the Save button.

Done! Now your users can log in directly via your identity provider using a new account-specific login URL. The new SSO Login URL can now be found under the Essentials settings in the SAML Single Sign-On Settings page.

🚧 The default login will still work for your account administrator, which is not bound to your IDM.

Updated 1 day ago