Ping Identity
This guide will show you how to integrate GoodAccess with Ping Identity SSO/SCIM.
Remember to grant your Ping Identity users access permissions to GoodAccess. Users without them won't be able to log in.
Step 1 - Adding a new identity provider
Log in to the GoodAccess Control Panel, and go to Settings > SSO & MFA.
Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.
Step 2 - Setting up Single Sign-On with SAML
Log in to the Ping Identity Admin console, go to Applications > Applications, and click (+).
Give the application a name, select SAML Application, and click Configure.
Select Manually Enter, and copy the details from GoodAccess - (2) GoodAccess links.
ACS URLs - Assertion Consumer Service URL
Entity ID - Entity ID
Return to GoodAccess, and click Continue.
Return to Ping Identity, and click Save.
1. Attribute Mappings
Go to Attribute Mappings, click the Edit icon, and add the following attributes:
"email" (without quotes)
Email Address
"name" (without quotes)
Username
Check the Required boxes, and click Save.
2. Configuration
Go to Configuration, click Download Metadata, and open the file in a text editor (e.g. Notepad).
Copy the details to GoodAccess - (3) Identity Provider links, and click Continue.
Sign in URL - Single Signon Service
Entity ID - Issuer ID
X509 signing certificate - Copy the certificate from the text editor
Don't forget to Enable the application.
You have now successfully set up your Ping Identity SSO with GoodAccess.
Step 3 - Managing user access
Please note: If no groups are selected, all users will have access. To prevent unauthorized access, ensure you add at least one group, even when setting up SCIM.
If you are setting up SCIM, skip this section. User access for SCIM is managed separately—please refer to User Filter for details.
In the application, go to Access, and click the Edit icon.
Choose who should have access, and click Save.
Step 4 (optional) - Setting up SCIM
1. Provisioning Connection
Go to Integrations > Provisioning, click (+) to create a new connection, and select Identity Store.
Select SCIM Outbound, and click Next.
Give the connection a name, and click Next.
Authentication
Copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).
SCIM BASE URL - URL
SCIM Version - 2.0
Authentication Method - OAuth 2 Bearer Token
Oauth Access Token - Token
Auth Type Header - Bearer
Return to GoodAccess, and click Submit.
Return to Ping Identity, click Test Connection, and Next.
Preferences
Select actions to allow, and click Save.
Don't forget to Enable the connection.
2. Provisioning Rule
Go to Integrations > Provisioning, and click (+) to create a new rule.
Give the rule a name, and click Create Rule.
Click (+) to add your new connection as Target, and click Save.
User Filter
Click the Edit icon to modify the user provisioning criteria.
For instance, you can use the Group Names attribute to provision users based on their membership in a specific group.
Group Names
Contains
Group 1
Group Names
Contains
Group 2
Click Save.
Attribute Mapping
Click the Edit icon, and edit the existing mapping and add a new one as follows:
Email Address
userName
Username
displayName
Click Save.
(optional) Group Provisioning
Click the Edit icon, and select groups you want to provision. Group memberships in GoodAccess are updated according to User Filter criteria.
Click Save.
Don't forget to Enable the rule.
You have now successfully set up your Ping Identity SCIM with GoodAccess.
Last updated
Was this helpful?