Configuring SSO with PingOne

Netography Pre-Configuration

Netography’s Security Settings and your Identity Provider settings need to be configured in parallel. To start, log in to your Netography account as an administrator.

  1. Navigate to Account Settings > Security. In the Identity Provider section, enable Single Sign-on:

  1. Copy the Assertion consumer service URL. It will be needed as an input into Auth0 later.

PingOne Walkthrough

Screenshot dates: 5/2022

  1. Navigate to Identities > Populations and Create a new Population.

  1. Create a population for each role you want your users to use. This example creates a population for administrators, named Neto_admin.

  1. Click Save. PingOne will display auto-created information for the new population. Make note of the Population ID, as this value will be used later when configuring the attribute mappings in the Netography Portal.

  1. Repeat for additional roles, such as readonly.

  2. Next, we will create a new SAML v2.0 application.  Navigate to Connection > Applications and click Add Application.

  1. Name this application Netography and choose SAML Application as the Application Type.

  1. Click Configure

  1. Select/Enter the following:

    1. Metadata: Manually Enter

    2. ACS URLs: https://idm.netography.com/auth/realms/netography/broker/<shortname>/endpoint

    3. Entity ID: https://idm.netography.com/auth/realms/netography

  1. Next, configure the Attribute Mappings. Click the Attribute Mappings tab and then the edit icon.

  1. Fill out the attribute mappers. These will be used to populate the user information in Netography. Of particular importance is the "group" mapping, which links to the population (role) created above. The following fields can be used:
*   saml\_subject - User ID (required - do not change)
    
*   email - Email Address (required)
    
*   firstName - Given Name (required)
    
*   lastName - Family Name (required)
    
*   nickname - Nickname (optional)
    
*   phoneNumber - Primary Phone (optional)
    
*   jobTitle - Title (optional)
    
*   pictureUrl - Photos Link (optional)
    
*   group - Population ID (required)
            
  1. Obtain the XML Metadata file.  Click the Configuration tab, then Download.
*   ![ping0ne metadatafile](./images/configuring-sso-ping0ne-metadatafile.png)
    
  1. Finally, enable the SAML Application.
*   ![ping0ne enable saml application](./images/configuring-sso-ping0ne-enable-saml-application.png)
    

🚧

Do not forget to assign users to your new Populations.

Netography Post-Configuration

  1. Return to the Netography portal, and upload the metadata file to Netography in the Metadata section of the Provider screen on the SAML Single Sign-On Settings page.

  1. Click Next

  2. Now configure the User attribute mappers to match the mapper values configured in Auth0 above:

  1. Click Next. 

  2. Next configure the Default user role and role mappers:

    1. Default user role: This is the role an IDM-authenticated user will default to if the role mappings are not found in the SAML exchange. For security purposes, we recommend setting this value to "readonly", but you may want to set this to "admin" while you are testing your configuration.

    2. Admin role mappers:  Configure these according to the screenshot below.  The SAML Attribute Value will be your specific Population ID.

  1. Click the Save button.

Done! Now your users can log in directly via your identity provider using a new account-specific login URL.  The new SSO Login URL can now be found under the Essentials settings in the SAML Single Sign-On Settings page.

🚧

The default login will still work for your account administrator, which is not bound to your IDM.
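
To check the group mapping before relying on it, the following added example (not Netography or PingOne code) parses a decoded SAML assertion, reports missing required attributes, and shows which role the Population ID resolves to, falling back to the default role when nothing matches. The Population IDs, the sample assertion, delivery of saml_subject as the Subject NameID, and first-match role resolution are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
REQUIRED = ("email", "firstName", "lastName", "group")  # required mappings from the list above
DEFAULT_ROLE = "readonly"  # the recommended default user role

# Constructed placeholder IDs; substitute the Population IDs PingOne displayed.
ADMIN_POP = "00000000-0000-0000-0000-0000000000a1"
READONLY_POP = "00000000-0000-0000-0000-0000000000b2"
ROLE_BY_POPULATION = {ADMIN_POP: "admin", READONLY_POP: "readonly"}


def read_attributes(assertion_xml):
    """Return (NameID, {attribute name: [values]}) from a decoded assertion.

    Offline check of your own captured assertion; no signature validation.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS)
    attrs = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return name_id.strip(), attrs


def check_assertion(assertion_xml):
    """Report missing required mappings and the role the group value resolves to."""
    name_id, attrs = read_attributes(assertion_xml)
    missing = [n for n in REQUIRED if not attrs.get(n)]
    if not name_id:  # assumption: saml_subject arrives as the Subject NameID
        missing.insert(0, "saml_subject")
    roles = [ROLE_BY_POPULATION[g] for g in attrs.get("group", []) if g in ROLE_BY_POPULATION]
    # No recognised Population ID means the user lands on the default role.
    return {"missing": missing, "role": roles[0] if roles else DEFAULT_ROLE,
            "fell_back": not roles}


def build_sample(attrs):
    """Build a constructed, unsigned assertion for offline testing only."""
    body = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:Subject><saml:NameID>u-1</saml:NameID>'
            f'</saml:Subject><saml:AttributeStatement>{body}</saml:AttributeStatement></saml:Assertion>')


if __name__ == "__main__":
    base = {"email": "ann@example.com", "firstName": "Ann", "lastName": "Lee"}
    for group in (ADMIN_POP, "not-a-known-population"):
        print(group, check_assertion(build_sample({**base, "group": group})))
```

A result with `fell_back` set to true for a user who should be an administrator points to a wrong Population ID in the role mapper or a user not yet assigned to the population.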