search cancel

Integrate Ping Identity as a SAML IDP


Article ID: 171552


Updated On:


Cloud Secure Web Gateway - Cloud SWG


If you want to use Security Assertion Markup Language (SAML) authentication, but do not have your own Active Directory (AD) deployed, you can provision Ping Identity® as the SAML Identity Provider (IDP)

NOTE: Port 8443 is required for browsers to post SAML assertions to a Web Security Service asset. Verify that this port is open on your gateway firewall devices.


Setup Ping Identity for SAML

In the first phase, set up SAML authentication in the Ping Identity console.

  1. Log in to Ping Identity:
  2. Add a SAML application.
    1. Select Applications > My Applications.
    2. From the Add Application drop-down list, select New SAML Application.
  3. Complete area 1, which identifies the Application Details:
    1. Name the application.
    2. (Recommended) Enter a Description for this application.
    3. From the Category drop-down list, select Communication.
    4. Click Continue to Next Step.
  4. Log in to your Web Security Service portal.
  5. Select Service mode > Authentication > SAML.
  6. On the right-side of the page, click Web Security Service Federation Metadata then Save the XML file to a local directory.
  7. Return to Ping Identity and continue with area 2 of the SAML application 
  8. Application Configuration:
    1. Download the Ping Identity SAML Metadata to a local directory.
    2. Upload the Web Security Service Metadata.
    3. Click Select File and browse to the location of the saved XML file.
  9. Return to the Web Security Service portal Authentication > SAML page.
    1. Click Import Metadata. Browse to and select the downloaded Ping Identity metadata.The service populates the Entity URL and Endpoint URL information.
    2. For the Endpoint Type, select Post Endpoint.
    3. In the Group Attribute field, enter group.
    4. Click Save.
  10. Return to Ping Identity:
    1. Click Continue to Next Step.
    2. Click Save & Publish.
    3. Click Finish.