Ping Identity
This guide will show you how to integrate GoodAccess with Ping Identity SSO/SCIM.
Last updated
Was this helpful?
This guide will show you how to integrate GoodAccess with Ping Identity SSO/SCIM.
Last updated
Was this helpful?
Remember to to GoodAccess. Users without them won't be able to log in.
Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.
Log in to the Ping Identity Admin console, go to Applications > Applications, and click (+).
Give the application a name, select SAML Application, and click Configure.
Select Manually Enter, and copy the details from GoodAccess - (2) GoodAccess links.
ACS URLs - Assertion Consumer Service URL
Entity ID - Entity ID
Return to GoodAccess, and click Continue.
Return to Ping Identity, and click Save.
Go to Attribute Mappings, click the Edit icon, and add the following attributes:
"email" (without quotes)
Email Address
"name" (without quotes)
Username
Check the Required boxes, and click Save.
Go to Configuration, click Download Metadata, and open the file in a text editor (e.g. Notepad).
Copy the details to GoodAccess - (3) Identity Provider links, and click Continue.
Sign in URL - Single Signon Service
Entity ID - Issuer ID
X509 signing certificate - Copy the certificate from the text editor
Don't forget to Enable the application.
You have now successfully set up your Ping Identity SSO with GoodAccess.
Please note: If no groups are selected, all users will have access. To prevent unauthorized access, ensure you add at least one group, even when setting up SCIM.
If you are setting up SCIM, skip this section. User access for SCIM is managed separately—please refer to User Filter for details.
In the application, go to Access, and click the Edit icon.
Choose who should have access, and click Save.
Go to Integrations > Provisioning, click (+) to create a new connection, and select Identity Store.
Select SCIM Outbound, and click Next.
Give the connection a name, and click Next.
Copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).
SCIM BASE URL - URL
SCIM Version - 2.0
Authentication Method - OAuth 2 Bearer Token
Oauth Access Token - Token
Auth Type Header - Bearer
Return to GoodAccess, and click Submit.
Return to Ping Identity, click Test Connection, and Next.
Select actions to allow, and click Save.
Don't forget to Enable the connection.
Go to Integrations > Provisioning, and click (+) to create a new rule.
Give the rule a name, and click Create Rule.
Click (+) to add your new connection as Target, and click Save.
Click the Edit icon to modify the user provisioning criteria.
For instance, you can use the Group Names attribute to provision users based on their membership in a specific group.
Group Names
Contains
Group 1
Group Names
Contains
Group 2
Click Save.
Click the Edit icon, and edit the existing mapping and add a new one as follows:
Email Address
userName
Username
displayName
Click Save.
Click the Edit icon, and select groups you want to provision. Group memberships in GoodAccess are updated according to User Filter criteria.
Click Save.
Don't forget to Enable the rule.
You have now successfully set up your Ping Identity SCIM with GoodAccess.
