Configuring PingOne Cloud as an Identity Provider

Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu.

This topic describes how to set up PingOne Cloud as your identity provider by configuring SAML integration in both Single Sign‑On for VMware Tanzu and PingOne Cloud.

Set up SAML in Single Sign‑On

  1. Log into the SSO Operator Dashboard at https://p-identity.SYSTEM-DOMAIN as a Plan Administrator.

  2. Select your plan and click Manage Identity Providers on the dropdown.

    SSO Dashboard Plans screen

  3. Click Configure SAML Service Provider.

    Identity Providers screen

  4. (Optional) Select Perform signed authentication requests to enforce SSO private key signature and identity provider validation.

    Configure SAML Service Provider section

  5. (Optional) Select Require signed assertions to validate the origin of signed responses.

  6. Click Download Metadata to download the service provider metadata.

  7. Click Save.

Set up SAML in PingOne Cloud

  1. Sign in as a PingOne Cloud administrator.

  2. Navigate to your app by clicking on Apps.

  3. Click Add Application and choose New SAML Application.

    PingOne Cloud Dashboard My Applications section

  4. Enter the Application Name, Application Description, Category and any Graphics.

  5. Click Continue to Next Step to configure SAML.

    Applications Configuration section

  6. In the Application Configuration section, perform the following steps:

    1. Select I have the SAML configuration.
    2. For SAML Metadata, click Download to download the identity provider metadata.
    3. For Protocol Version, select SAML v 2.0.
    4. For Upload Metadata, click Select File and select the service provider metadata.
    5. Click Continue to Next Step.

  7. (Optional) Under SSO Attribute Mapping, specify any app or group attributes that you want to map to users in the ID token.

    SSO Attribute Mapping section

  8. Click Save & Publish.

  9. Click Finish.