PingOne SSO integration with SafeConsole 5.3


Prerequisite(s):


Most of the prerequisites will be fulfilled as the setup progresses.



This document is divided into 3 parts.


Part 1: Creating an Application in PingOne

Part 2: Configuring SafeConsole server to use PingOne SSO 

Part 3: Creating Users and Groups in PingOne



Part 1: Creating an Application in PingOne


Steps to add a new application in PingOne and bind it to the SafeConsole server.


- Log in to the PingOne admin account.

- Click the Applications tab next to the dashboard.





Step 1. Application Details


Application Name - This is the name of the application that is being created. It is recommended that the name be unique to the SafeConsole server to minimize confusion.


Application Description - This field is for the description of the application. Typically, the SafeConsole server name specified under “Application Name” can be elaborated on here.


Category - Specify the category of the application.


Graphics - Import the logo of the application.



Step 2. Application Configuration


Signing certificate - Select an available certificate or create a new one. A new certificate can be created from Setup > Certificates > + Certificates.




Download the SAML metadata and store it for later use. The metadata XML will later be uploaded to the SafeConsole server.


Use the ACS URL and Identity ID information provided at the beginning of the document.


Either Redirect or POST can be selected for Single Logout Binding Type.


Signing Algorithm: RSA_SHA256


Click Continue to next step.



Step 3. SSO Attribute Mapping


Click on Add New Attributes and add the following attributes: {memberOf, memberOf}





Click “Save and Publish”. This concludes the Application creation process. 



Part 2: Configuring SafeConsole server to use PingOne SSO


Step 1: Enabling SSO in SafeConsole server.


  1. Log in to the SafeConsole server as an Admin

  2. Click on Server Settings > Single Sign On

  3. Enable Single Sign On

  4. Select Ping One SSO from the drop-down

  5. Click upload metadata and upload the metadata XML downloaded in Part 1, Step 2 (Application Configuration). This should fill in all the required fields.

  6. Click Save.



Step 2: Configuring the Access settings in SafeConsole configurator. 





The SafeConsole server can be integrated with Active Directory if desired.


The authorization levels (Administrators, Managers and Support) and their corresponding groups are specified in the respective fields.


Important: The matching group names must also be created in PingOne (covered later in this article). For example, in the image above we see “SafeConsole_Support” as a security group that is authorized to log in to the SafeConsole server with the Support role. PingOne will also have a group called “SafeConsole_Support”, and users will then be assigned to that group.


All users that are members of the “SafeConsole_Support” group will have the Support privilege when they are logged in to the SafeConsole server.



Part 3: Creating Users and Groups in PingOne


Step 1: Creating Group 


Navigate to Users > User Directory > Groups





Name the group to match one of the group names specified in the SafeConsole configurator access settings (Part 2, Step 2). In our example we used “SafeConsole_Support”, so we enter that here.





Now you should have a “SafeConsole_Support” group in the Groups directory. 





Step 2: Creating User


Navigate to Users > User Directory > Users





Click on Add user.


Note: Users can be manually created or invited. What’s important is that you set the membership during user creation or right after invitation.





If the user was manually provisioned, you will notice the “Group Memberships” section towards the bottom of the page. This is where we add the membership of the user.





In our example we will click “Add”, select “SafeConsole_Support”, and then click “Add”.






We will then activate the group membership by enabling the checkbox and clicking Save.





Similarly, invited users can be added to a group by clicking “Edit” and making the membership changes as described above.



Final Step: The final step is to link the App we created at the beginning of the article to the group we just created. 


To do this, navigate to Users > User Groups.






Locate the SafeConsole Groups that are affiliated with the SafeConsole server and click Edit.





Choose the correct App and click Save.




This concludes the SafeConsole integration with PingOne SSO. For additional help or questions please contact: support@datalocker.com