Prolaborate and Ping Identity SAML Integration
Prerequisites
Your Prolaborate site should have a valid SSL Certificate.
If you don’t have an SSL Certificate, you can create a self-signed certificate yourself. Please get in touch with Prolaborate team to know more about it.
Default Access Control Profile
Create Access Control profile to provide access to the PING Identity based SAML user to access the Repository.
Click Menu and select Access Control Profile from the list.
Click on Create Profile.
| Name | Give a name for the access control profile. |
| Repository Name | If you opt-out for Choose Specific Repositories select the repository from the list of repositories. Users will get access only to those repositories which has been selected. |
| Repository and User Groups Membership | If you choose to Include All Repositories users will get access to all repositories, and if you select Choose Specific Repositories users will get access based on the user groups they are added to. |
| User Group Membership | Choose the User Group Membership and the users will get all the access and credentials which is assigned to the group. |
Click on Save and the Access control profile will be created.
Now, go back to SAML Sign on Settings page.
Service Provider Configuration
To configure the Service Provider i.e. Prolaborate, click on Menu → SAML Single Sign on
From the top left of the page, click on Enable button.
Under Service Provider Configuration,
| Name | Name will be prefilled |
| Assertion Consumer URL | Assertion Consumer URL will be Prefilled |
| Certificate File | Choose the .pfx file of your SSL certificate |
| Certificate Password | Enter the Password of the .pfx file |
Configuring Prolaborate in Ping Identity
The following sections will elaborate the steps involved in setting up Prolaborate in Ping Identity.
Create a new SAML Application
To create a SAML application, follow the below steps:
Sign-in to the Ping Identity using your administrator account.
Click Administrators from the Environment List.
Click Connections from Navigation pane which is located on your left.
Now user can get the list of Application which is already added in the Provider.
Click Add Icon from the page which is located nearby Applications.
Please Enter Application Name and Description as per your Requirement.
Click SAML Application at Choose Application Type.
Click Configure button.
Choose Manually Enter option from the Application meta data.
Enter ACS URL which is available in ACU at Service Provider configuration under Prolaborate SAML Sign on Settings.
Entity ID field – Copy Name from Service Provider configuration under Prolaborate SAML Sign on setting and paste it in Entity ID field.
Click Save Button.
Download Certificate File from Ping Identity
Click Application from the list.
Click Configuration Tab
Click Edit Icon.
Click Download Signing Certificate button and choose (.crt) file type to download from the page and the respective file will be downloaded in the .CRT extension.
Note:
- It shows warning message to keep this file type in the system. Please click Keep button to continue download.
Then rename the certificate extension from .CRT into .CER.
Upload the certificate at IDP configuration section in Prolaborate SAML Single Sign on settings.
Creating New Attribute Mapping in Ping Identity
| Field | Description |
|---|---|
| Application Attribute | PingOne |
| firstname | Please Choose Username from PingOne column Dropdown |
| lastname | Please Choose Given Name from PingOne column Dropdown |
| Please Choose Email Address from PingOne column Dropdown | |
| user group | Please choose the User Group from PingOne column Dropdown. |
If the Admin want to map the SAML user group in the Prolaborate application. Please choose the User Group from the Application dropdown.
Please Check Required Column check boxes for above mentioned attributes.
After configured all the above-mentioned Attributes from Attribute Mapping page.
Click Save Button.
Configuring Identity Provider (IDP) in Prolaborate
Go back to Prolaborate, click on Menu → SAML Sign-On Settings.
Please fill the details mentioned in the below table,
| Field | Description |
|---|---|
| Name | Please copy Issuer ID under configuration section from Ping identity portal |
| Sign in URL | Please copy Single Sign-on Service under configuration section from Ping identity portal |
| Sign Out URL | Please copy Single Sign-on Service under configuration section from Ping identity portal |
| Certificate file | Please upload .cert file type certificate which is downloaded at configuration page from Ping Identity portal |
Configuring Attribute Mapping in Prolaborate
Please change the Attribute mapping toggle button from Default to Custom.
Selecting Access Control Profile
Select the newly created profile and click Save.
Log in with Ping Identity Credentials
Once the configuration is done, your users will start to see a new button on the login page called Login with SSO.
When they click on Login with SSO,
They will be redirected to an URL as per configuration. They can then give their Ping Identity credentials to login to Prolaborate.
You will be redirected to Prolaborate successfully if the configuration is done right as said in the document.
If you’re experiencing challenges signing in using SSO, go at SAML Assertion Validation to debug the SAML configurations.
Note
The Repositories you see will be based on Default Access Control Profile.
Logging out from Prolaborate
When a user initiates a logout, the user will be logged out from all applications in the current Identity provider login session.
