Configuring PingOne Cloud as an Identity Provider
Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu.
This topic describes how to set up PingOne Cloud as your identity provider by configuring SAML integration in both Single Sign‑On for VMware Tanzu and PingOne Cloud.
Set up SAML in Single Sign‑On
Log in to the SSO Operator Dashboard at https://p-identity.SYSTEM-DOMAIN as a Plan Administrator. Select your plan and click Manage Identity Providers from the dropdown.
Click Configure SAML Service Provider.
(Optional) Select Perform signed authentication requests to enforce SSO private key signature and identity provider validation.
(Optional) Select Require signed assertions to validate the origin of signed responses.
Click Download Metadata to download the service provider metadata.
Click Save.
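Before uploading the downloaded service provider metadata to PingOne Cloud, it is worth confirming that the file reflects the signing options chosen above. The check below is an added example, not part of the original documentation or the product. It assumes the two optional settings appear as the standard SAML 2.0 metadata attributes AuthnRequestsSigned and WantAssertionsSigned; the sample metadata and the sp.example.test names are constructed.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample, not real product output: request signing on, signed
# assertions off, ACS endpoint on plain http, certificate body omitted.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.test/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def is_true(value):
    # xs:boolean allows "true" or "1"; a missing attribute means false.
    return value in ("true", "1")


def audit_sp_metadata(xml_text):
    """Return (entity_id, findings) for a SAML 2.0 SP metadata document."""
    root = ET.fromstring(xml_text)
    sp = next(root.iter(MD + "SPSSODescriptor"), None)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    findings = []
    signs_requests = is_true(sp.get("AuthnRequestsSigned"))
    if not signs_requests:
        findings.append("AuthnRequestsSigned is not true")
    if not is_true(sp.get("WantAssertionsSigned")):
        findings.append("WantAssertionsSigned is not true")
    # A KeyDescriptor with no 'use' attribute serves signing and encryption.
    has_signing_key = any(k.get("use") in (None, "signing")
                          for k in sp.iter(MD + "KeyDescriptor"))
    if signs_requests and not has_signing_key:
        findings.append("requests are signed but no signing key is published")
    for acs in sp.iter(MD + "AssertionConsumerService"):
        location = acs.get("Location", "")
        if not location.lower().startswith("https://"):
            findings.append("ACS endpoint is not https: " + location)
    return root.get("entityID"), findings
```

Pass the contents of the downloaded metadata file to audit_sp_metadata; an empty findings list means both signing options are advertised and every assertion consumer endpoint uses https.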
Set up SAML in PingOne Cloud
Sign in as a PingOne Cloud administrator.
Navigate to your app by clicking on Apps.
Click Add Application and choose New SAML Application.
Enter the Application Name, Application Description, Category and any Graphics.
Click Continue to Next Step to configure SAML.
In the Application Configuration section, perform the following steps:
- Select I have the SAML configuration.
- For SAML Metadata, click Download to download the identity provider metadata.
- For Protocol Version, select SAML v 2.0.
- For Upload Metadata, click Select File and select the service provider metadata.
- Click Continue to Next Step.
(Optional) Under SSO Attribute Mapping, specify any app or group attributes that you want to map to users in the ID token.
Click Save & Publish.
Click Finish.