search
GoodAccess WebsiteRequest Free TrialDownload App

Ping Identity

This guide will show you how to integrate GoodAccess with Ping Identity SSO/SCIM.

circle-info

This feature is available in the Premium plan and higher.

triangle-exclamation

Remember to grant your Ping Identity users access permissions to GoodAccess. Users without them won't be able to log in.

hashtag
Step 1 - Adding a new identity provider

Log in to the GoodAccess Control Panel, and go to Settings > SSO & Identity.arrow-up-right

Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.

hashtag
Step 2 - Setting up Single Sign-On with SAML

Log in to the Ping Identity Admin console, go to Applications > Applications, and click (+).

Give the application a name, select SAML Application, and click Configure.

Select Manually Enter, and copy the details from GoodAccess - (2) GoodAccess links.

  • ACS URLs - Assertion Consumer Service URL

  • Entity ID - Entity ID

Return to GoodAccess, and click Continue.

Return to Ping Identity, and click Save.

Ping Identity Admin console with key steps to creating a new SAML application.
Creating a new SAML application

hashtag
1. Attribute Mappings

Go to Attribute Mappings, click the Edit icon, and add the following attributes:

Attributes
PingOne Mappings

"email" (without quotes)

Email Address

"name" (without quotes)

Username

Check the Required boxes, and click Save.

Ping Identity Admin console with key steps to setting up the "Attribute Mappings".
Setting up the Attribute Mappings

hashtag
2. Configuration

Go to Configuration, click Download Metadata, and open the file in a text editor (e.g. Notepad).

Copy the details to GoodAccess - (3) Identity Provider links, and click Continue.

  • Sign in URL - Single Signon Service

  • Entity ID - Issuer ID

  • X509 signing certificate - Copy the certificate from the text editor

Don't forget to Enable the application.

Ping Identity Admin console with key steps to setting up GoodAccess.
Setting up GoodAccess
Notepad with highlighted X509 signing certificate.
Copying the certificate from the Notepad
circle-info

If you don't want to setup SCIM, skip the next step in GoodAccess, and click Submit to finish the configuration.

You have now successfully set up your Ping Identity SSO with GoodAccess.

hashtag
Step 3 - Managing user access

triangle-exclamation

Please note: If no groups are selected, all users will have access. To prevent unauthorized access, ensure you add at least one group, even when setting up SCIM.

circle-exclamation

If you are setting up SCIM, skip this section. User access for SCIM is managed separately—please refer to User Filter for details.

In the application, go to Access, and click the Edit icon.

Choose who should have access, and click Save.

Ping Identity Admin console with key steps to managing user access.
Managing user access

hashtag
Step 4 (optional) - Setting up SCIM

hashtag
1. Provisioning Connection

Go to Integrations > Provisioning, click (+) to create a new connection, and select Identity Store.

Select SCIM Outbound, and click Next.

Give the connection a name, and click Next.

Ping Identity Admin console with key steps to creating a new provisioning connection.
Creating a new provisioning connection
Ping Identity Admin console with key steps to creating a new provisioning connection.
Creating a new provisioning connection

hashtag
Authentication

Copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).

  • SCIM BASE URL - URL

  • SCIM Version - 2.0

  • Authentication Method - OAuth 2 Bearer Token

  • Oauth Access Token - Token

  • Auth Type Header - Bearer

Return to GoodAccess, and click Submit.

Return to Ping Identity, click Test Connection, and Next.

Ping Identity Admin console with key steps to setting up the "Authentication".
Setting up the Authentication

hashtag
Preferences

Select actions to allow, and click Save.

Don't forget to Enable the connection.

Ping Identity Admin console with key steps to setting up the "Preferences".
Setting up the Preferences

hashtag
2. Provisioning Rule

Go to Integrations > Provisioning, and click (+) to create a new rule.

Give the rule a name, and click Create Rule.

Click (+) to add your new connection as Target, and click Save.

Ping Identity Admin console with key steps to creating a new provisioning rule.
Creating a new provisioning rule

hashtag
User Filter

Click the Edit icon to modify the user provisioning criteria.

For instance, you can use the Group Names attribute to provision users based on their membership in a specific group.

Attribute
Operator
Value

Group Names

Contains

Group 1

Group Names

Contains

Group 2

Click Save.

Ping Identity Admin console with key steps to setting up the "User Filter".
Setting up the User Filter

hashtag
Attribute Mapping

Click the Edit icon, and edit the existing mapping and add a new one as follows:

Identity Provider Directory
GoodAccess

Email Address

userName

Username

displayName

Click Save.

Ping Identity Admin console with key steps to setting up the "Attribute Mapping".
Setting up the Attribute Mapping

hashtag
(optional) Group Provisioning

Click the Edit icon, and select groups you want to provision. Group memberships in GoodAccess are updated according to User Filter criteria.

Click Save.

Don't forget to Enable the rule.

Ping Identity Admin console with key steps to setting up the "Group Provisioning".
Setting up the Group Provisioning
circle-info

The whole provisioning process will take around 20 minutes to complete depending on the number of members and groups being added.

You have now successfully set up your Ping Identity SCIM with GoodAccess.

PreviousOneLoginNextUniversal (SAML)

Last updated

Was this helpful?