Ping Identity
This guide will show you how to integrate GoodAccess with Ping Identity SSO/SCIM.
Last updated
This guide will show you how to integrate GoodAccess with Ping Identity SSO/SCIM.
Last updated
This feature is available in the Premium plan and higher.
Remember to grant your users access permissions to GoodAccess. Users without them won't be able to log in.
Log in to the GoodAccess Control Panel, and go to Settings > SSO & MFA.
Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.
Log in to the Ping Identity Admin console, go to Applications > Applications, and click (+).
Give the application a name, select SAML Application, and click Configure.
Select Manually Enter, and copy the details from GoodAccess - (2) GoodAccess links.
ACS URLs - Assertion Consumer Service URL
Entity ID - Entity ID
Return to GoodAccess, and click Continue.
Return to Ping Identity, and click Save.
Go to Attribute Mappings, click the Edit icon, and add the following attributes:
"email" (without quotes)
Email Address
"name" (without quotes)
Username
Check the Required boxes, and click Save.
Go to Configuration, click Download Metadata, and open the file in a text editor (e.g. Notepad).
Copy the details to GoodAccess - (3) Identity Provider links, and click Continue.
Sign in URL - Single Signon Service
Entity ID - Issuer ID
X509 signing certificate - Copy the certificate from the text editor
Don't forget to Enable the application.
If you don't want to setup SCIM, skip the next step in GoodAccess, and click Submit to finish the configuration.
You have now successfully set up your Ping Identity SSO with GoodAccess.
Go to Integrations > Provisioning, click (+) to create a new connection, and select Identity Store.
Select SCIM Outbound, and click Next.
Give the connection a name, and click Next.
Copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).
SCIM BASE URL - URL
SCIM Version - 2.0
Authentication Method - OAuth 2 Bearer Token
Oauth Access Token - Token
Auth Type Header - Bearer
Return to GoodAccess, and click Submit.
Return to Ping Identity, click Test Connection, and Next.
Select actions to allow, and click Save.
Don't forget to Enable the connection.
Go to Integrations > Provisioning, and click (+) to create a new rule.
Give the rule a name, and click Create Rule.
Click (+) to add your new connection as Target, and click Save.
Click the Edit icon to modify the user provisioning criteria.
For instance, you can use the Group Names attribute to provision users based on their membership in a specific group.
Group Names
Contains
Group 1
Group Names
Contains
Group 2
Click Save.
Click the Edit icon, and edit the existing mapping and add a new one as follows:
Email Address
userName
Username
displayName
Click Save.
Click the Edit icon, and select groups you want to provision. Group memberships in GoodAccess are updated according to user filter criteria.
Click Save.
Don't forget to Enable the rule.
The whole provisioning process will take around 20 minutes to complete depending on the number of members and groups being added.
You have now successfully set up your Ping Identity SCIM with GoodAccess.