PingOne SSO integration with SafeConsole 5.3


Most of the prereqs will be fulfilled as the setup progresses. 

The Document is divided into 3 parts.

Part 1: Creating an Application in PingOne

Part 2: Configuring SafeConsole server to use PingOne SSO 

Part 3: Creating Users and Groups in PingOne

Part 1: Creating an Application in Ping One

Steps to add a new application in PingOne to bind to the SafeConsole server. 

- Login to the PingOne admin account 

- Click on the Applications tab next to Dashboard

Step 1. Application Details

Application Name - This is the name of the application that is being created, It is recommended that the name be unique to the SafeConsole Server to minimize confusion.  

Application Description - This field is for the application's description; typically, the SafeConsole server name specified on “Application Name” can be elaborated here. 

Category - Specify the category of the application.

Graphics - Import the logo of the application

Step 2. Application Configuration

Signing certificate - Select the available certificate or create a new certificate. New certificate can be created from Setup > Certificates > + Certificates. 

Download SAML metadata and store it for later use. The metadata XML will later be uploaded to the SafeConsole server. 

Follow the ACS URL and Identity ID information provided at the beginning of the document.

Either re-direct or Post can be selected for Single Logout Binding Type.

Signing Algorithm: RSA_SHA256

Click Continue to the next step.

Step 3. SSO Attribute Mapping

Click on Add New Attributes and add the following attributes.{memberOf , memberOf } 

Click “Save and Publish”. This concludes the Application creation process. 

Part 2: Configuring SafeConsole server to use Ping one SSO

Step 1: Enabling SSO in the SafeConsole server.

  1. Login to SafeConsole server as an Admin

  2. Click on Server Settings > Single Sign-On

  3. Enable Single Sign-On

  4. Select Ping One SSO from the drop-down

  5. Click upload metadata and upload the metadata XML created on Part 1, Step 2 Application configuration. This should fill in all the required fields.

  6. Click Save.

Step 2: Configuring the Access settings in the SafeConsole configurator. Note: These groups need to be defined for the SSO subsystem to work properly.

SafeConsole server can be integrated with Active Directory if desired. More info can be found here.

The level of authorization and their corresponding groups  { Administrators, Managers, and Support } is specified under the particular fields.

Important: The matching group names must also be created in PingOne. (covered later in this article) For example, in the above image, we see “SafeConsole_Support” as a security group authorized to log in to the SafeConsole server as the Support role. Ping One will also have a group called “SafeConsole_Support” and then users will be assigned to that group.

All users of the “SafeConsole_Support” group will have the support privilege when they are logged into the SafeConsole server.

Part 3: Creating Users and Groups in PingOne

Step 1: Creating Group 

Navigate to Users > User Directory > Groups

Name the Group to Match one of the group name specified on SafeConsole configurator Step 2 access setting. In our example, we used “SafeConsole_Support” so we enter that here now.

Now you should have a “SafeConsole_Support” group in the Groups directory. 

Step 2: Creating User

Navigate to Users > Users Directory > Users

Click on Add user.

Note: Users can be manually created or invited. What’s important is that you set the membership during user creation or right after the invitation.

If the user was manually provisioned, you will notice the “Group Memberships” towards the bottom of the page. This is where we add the membership of the user.

In our example we will click “Add” and select “SafeConsole_Support”, and then click “Add”.

We will then activate the group membership by enabling the checkbox and hitting save.

Similarly, invited users can be added to the group after hitting “edit” and making membership changes as mentioned above.  

Final Step: The final step is to link the App we created at the beginning of the article to the group we just created. 

To do this, navigate to Users > User Groups

Locate the SafeConsole Groups that are affiliated with the SafeConsole server and click Edit.

Choose the correct App and click save.

This concludes the SafeConsole integration to the PingOne SSO. For additional help or questions please contact: