Docs

SSO with PingOne

Suggest Edits

Netography Configuration

Netography’s SAML and your Identity Provider settings need to be configured in parallel. To start, log in to your Netography account as an administrator.

  1. Navigate to Settings > Global Security/SSO and enable SAML Single Sign-on:
  2. Copy the Assertion consumer service (ACS) URL in the SAML Single Sign-On Settings page that appears. It will be needed as input into Auth0 later.

PingOne Walkthrough

  1. Navigate to Directory > Populations and Create a new Population.

  1. Create a population for each role you want to your users to use. This example will create a population for administrators. The name we will use Neto_admin.
  1. Click Save. PingOne will display auto-created information for the new population. Make note of the Population ID, as this value will be used later when configuring the attribute mappings in the Netography Portal

  1. Repeat for additional roles, such as readonly.
  2. Next, we will create a new SAML v2.0 application. Navigate to Applications > Applications and click the plus icon button to add a.
  1. Name this application Netography and choose SAML Application as the Application Type.

  1. Click Configure

  2. Select/Enter the following:

    1. Metadata: Manually Enter
    2. ACS URLs: https://idm.netography.com/auth/realms/netography/broker/<shortname>/endpoint
    3. Entity ID: https://idm.netography.com/auth/realms/netography

  1. Click Save
  2. Click on the Attribute Mappings tab and the edit icon

**Fill out the attribute mappers. These will be used to populate the user information in Netography. Of particular importance is the "group" mapping which will link the the population (role) created above. The following fields can be use:

* saml\_subject - User ID (required - do not change)

* email - Email Address (required)

* firstName - Given Name (required)

* lastName - Family Name (required)

* nickname - Nickname (optional)

* phoneNumber - Primary Phone (optional)

* jobTitle - Title (optional)

* pictureUrl - Photos Link (optional)

* group - Population ID (required)


  1. Click Save

  2. Obtain the XML Metadata file. Click the Overview tab, then Download Metadata.

  3. Finally, click the toggle switch to enable the SAML Application

🚧 Do not forget to assign users to your new Populations.

Netography Post-Configuration

  1. Return to the Netography portal, navigate to Global Security/SSO -> SAML Single Sign-on, and upload the metadata file into the Metadata File field.

  1. Click Next
  2. Now configure the User attribute mappers to match the mapper values configured in Auth0 above:


  1. Click Next.
  2. Next configure the Default user role and role mappers:
    1. Default user role: This is the role an IDM-authenticated user will default to if the role mappings are not found in the SAML exchange. For security purposes, we recommend setting this value to "readonly", but you may want to set this to "admin" as you are testing your configuration.
    2. Admin role mappers: Configure these according to the screenshot below. The SAML Attribute Value will be your specific Population ID.


  1. Click the Save button.

Done! Now your users can log in directly via your identity provider using a new account-specific login URL. The new SSO Login URL can now be found under the Essentials settings in the SAML Single Sign-On Settings page.

🚧 The default login will still work for your account administrator, which is not bound to your IDM.

Updated about 18 hours ago