Ping Identity

This guide will show you how to integrate GoodAccess with Ping Identity SSO/SCIM.

This feature is available in the Premium plan and higher.

Step 1 - Adding a new identity provider

Log in to the GoodAccess Control Panel, and go to Settings > SSO & MFA.

Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.

Step 2 - Setting up Single Sign-On with SAML

Log in to the Ping Identity Admin console, go to Applications > Applications, and click (+).

Give the application a name, select SAML Application, and click Configure.

Select Manually Enter, and copy the details from GoodAccess - (2) GoodAccess links.

  • ACS URLs - Assertion Consumer Service URL

  • Entity ID - Entity ID

Return to GoodAccess, and click Continue.

Return to Ping Identity, and click Save.

Ping Identity Admin console with key steps to creating a new SAML application.
Creating a new SAML application

1. Attribute Mappings

Go to Attribute Mappings, click the Edit icon, and add the following attributes:

Attributes
PingOne Mappings

"email" (without quotes)

Email Address

"name" (without quotes)

Username

Check the Required boxes, and click Save.

Ping Identity Admin console with key steps to setting up the "Attribute Mappings".
Setting up the Attribute Mappings

2. Configuration

Go to Configuration, click Download Metadata, and open the file in a text editor (e.g. Notepad).

Copy the details to GoodAccess - (3) Identity Provider links, and click Continue.

  • Sign in URL - Single Signon Service

  • Entity ID - Issuer ID

  • X509 signing certificate - Copy the certificate from the text editor

Don't forget to Enable the application.

Ping Identity Admin console with key steps to setting up GoodAccess.
Setting up GoodAccess
Notepad with highlighted X509 signing certificate.
Copying the certificate from the Notepad

If you don't want to setup SCIM, skip the next step in GoodAccess, and click Submit to finish the configuration.

You have now successfully set up your Ping Identity SSO with GoodAccess.

Step 3 - Managing user access

In the application, go to Access, and click the Edit icon.

Choose who should have access, and click Save.

Ping Identity Admin console with key steps to managing user access.
Managing user access

Step 4 (optional) - Setting up SCIM

1. Provisioning Connection

Go to Integrations > Provisioning, click (+) to create a new connection, and select Identity Store.

Select SCIM Outbound, and click Next.

Give the connection a name, and click Next.

Ping Identity Admin console with key steps to creating a new provisioning connection.
Creating a new provisioning connection
Ping Identity Admin console with key steps to creating a new provisioning connection.
Creating a new provisioning connection

Authentication

Copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).

  • SCIM BASE URL - URL

  • SCIM Version - 2.0

  • Authentication Method - OAuth 2 Bearer Token

  • Oauth Access Token - Token

  • Auth Type Header - Bearer

Return to GoodAccess, and click Submit.

Return to Ping Identity, click Test Connection, and Next.

Ping Identity Admin console with key steps to setting up the "Authentication".
Setting up the Authentication

Preferences

Select actions to allow, and click Save.

Don't forget to Enable the connection.

Ping Identity Admin console with key steps to setting up the "Preferences".
Setting up the Preferences

2. Provisioning Rule

Go to Integrations > Provisioning, and click (+) to create a new rule.

Give the rule a name, and click Create Rule.

Click (+) to add your new connection as Target, and click Save.

Ping Identity Admin console with key steps to creating a new provisioning rule.
Creating a new provisioning rule

User Filter

Click the Edit icon to modify the user provisioning criteria.

For instance, you can use the Group Names attribute to provision users based on their membership in a specific group.

Attribute
Operator
Value

Group Names

Contains

Group 1

Group Names

Contains

Group 2

Click Save.

Ping Identity Admin console with key steps to setting up the "User Filter".
Setting up the User Filter

Attribute Mapping

Click the Edit icon, and edit the existing mapping and add a new one as follows:

Identity Provider Directory
GoodAccess

Email Address

userName

Username

displayName

Click Save.

Ping Identity Admin console with key steps to setting up the "Attribute Mapping".
Setting up the Attribute Mapping

(optional) Group Provisioning

Click the Edit icon, and select groups you want to provision. Group memberships in GoodAccess are updated according to User Filter criteria.

Click Save.

Don't forget to Enable the rule.

Ping Identity Admin console with key steps to setting up the "Group Provisioning".
Setting up the Group Provisioning

The whole provisioning process will take around 20 minutes to complete depending on the number of members and groups being added.

You have now successfully set up your Ping Identity SCIM with GoodAccess.

Last updated

Was this helpful?