Ping Federate
Configure Single Sign-On (SSO) with Ping Federate to enable seamless authentication for your ept AI users using their existing identity federation credentials.
Back to Integrations Overview
Overview
The Ping Federate SSO integration enables your ept AI users to:
- Sign in using their existing Ping Federate-managed credentials
- Access ept AI without creating separate accounts
- Benefit from Ping Federate's enterprise identity federation features
- Use existing identity federation policies and security controls
This integration supports SAML 2.0 authentication and integrates with Ping Federate's comprehensive identity federation capabilities.
Prerequisites
Before setting up the Ping Federate SSO integration, ensure you have:
- Ping Federate: Active Ping Federate server configured
- Admin Access: Ping Federate administrator access
- ept AI Setup: Your ept AI instance configured and ready
- Network Access: Ability to reach the Ping Federate server from ept AI
Setup Instructions
Step 1: Configure SP Connection in Ping Federate
-
Create New SP Connection:
- Log into Ping Federate admin console
- Navigate to SP Connections
- Click "Create New SP Connection"
-
Configure Connection Settings:
- Connection Type: SAML 2.0
- Connection Name: "ept AI"
- Description: "AI-powered chatbot platform"
- Click "Next"
-
Configure SAML Settings:
- Entity ID:
https://your-ept-ai-domain.com/saml/metadata - ACS URL:
https://your-ept-ai-domain.com/saml/acs - Signing Certificate: Upload ept AI's signing certificate
- Click "Next"
- Entity ID:
-
Configure Attribute Mapping:
- Map Ping Federate attributes to ept AI user properties:
email -> user.email
firstName -> user.firstName
lastName -> user.lastName
groups -> user.groups
Step 2: Configure ept AI for Ping Federate SSO
-
Access SSO Settings:
- Log into your ept AI admin dashboard
- Navigate to Configuration > Users > SSO Settings
- Click "Configure SSO"
- Select "Ping Federate" as the SSO provider
-
Configure SAML Settings:
SSO Provider: Ping Federate
Entity ID: https://your-ept-ai-domain.com/saml/metadata
ACS URL: https://your-ept-ai-domain.com/saml/acs
Ping Federate URL: https://your-ping-federate-server.domain.com
Signing Certificate: [Export from Ping Federate]
Step 3: Test and Activate SSO
-
Test Configuration:
- Use Ping Federate's built-in SAML testing tools
- Verify attribute mapping and user provisioning
- Test sign-in flow from Ping Federate to ept AI
-
Activate Integration:
- Enable SSO in ept AI admin settings
- Configure fallback authentication options
- Set up user provisioning rules
Configuration Options
Authentication Settings
- SAML 2.0: Full SAML 2.0 protocol support
- Force Authentication: Require re-authentication for sensitive operations
- Session Management: Configure session timeouts and renewal
- Logout: Configure single logout (SLO) behavior
User Provisioning
- Just-in-Time (JIT): Automatically create users on first sign-in
- Attribute Mapping: Map Ping Federate attributes to ept AI user properties
- Group Synchronization: Sync Ping Federate groups to ept AI roles
- User Updates: Automatically update user information from Ping Federate
Security Settings
- Certificate Management: Upload and manage SAML signing certificates
- Encryption: Enable SAML response encryption
- Audit Logging: Log all SSO authentication events
- Access Control: Configure IP restrictions and access policies
Use Cases
Enterprise Authentication
- Centralized Identity: Use existing Ping Federate-managed accounts for ept AI access
- Security Compliance: Meet enterprise security and compliance requirements
- User Management: Leverage Ping Federate's user lifecycle management
- Access Control: Use Ping Federate policies for conditional access
Identity Federation
- Multi-Domain Support: Support organizations with multiple identity domains
- Federation Policies: Apply existing identity federation policies
- Cross-Domain Access: Enable access across organizational boundaries
- Policy Enforcement: Apply existing federation policies
Best Practices
Security Configuration
- Certificate Management: Regularly rotate SAML signing certificates
- Attribute Security: Only request necessary user attributes
- Access Policies: Configure appropriate access policies in Ping Federate
- Audit Monitoring: Monitor SSO authentication logs regularly
Integration Management
- Testing: Regularly test the SSO integration
- Documentation: Maintain up-to-date configuration documentation
- Monitoring: Monitor integration health and performance
- Updates: Keep both Ping Federate and ept AI updated
Troubleshooting
Common Issues
Authentication Failures:
- Verify SAML certificate is valid and not expired
- Check attribute mapping configuration
- Verify ACS URL and Entity ID match exactly
- Review Ping Federate SP connection configuration
User Provisioning Issues:
- Check attribute mapping in both Ping Federate and ept AI
- Verify user attributes are being sent correctly
- Review user creation and update rules
- Check group synchronization settings
Session Management:
- Verify session timeout configurations
- Check single logout (SLO) configuration
- Review browser cookie settings
- Test session renewal process
Getting Help
- Ping Federate Documentation: Ping Federate Configuration Guide
- SAML Testing: SAML Tracer browser extension
- Support: Contact support@ept.ai for integration assistance
Related Resources
-
Users - Manage user access and permissions
-
Okta Workforce Integration - Alternative enterprise SSO option
-
Azure AD Integration - Microsoft-based SSO option