Using Fortanix Data Security Manager with Ping Identity

1.0 Introduction

This article describes how to integrate Fortanix Data Security Manager (DSM) with Ping Identity using SAML configuration.

It also contains the information that a user requires to:

  • Configure Single Sign-On (SSO) mapping details in Ping Identity.

  • Configure group access in Ping Identity.

  • Perform SSO SAML authentication with Ping Identity in Fortanix DSM.

2.0 Prerequisites

Ensure the following:

3.0 Configure Ping Identity SSO

Perform the following steps to add Fortanix DSM as a SAML application in Ping Identity:

  1. Log in to the Ping Identity admin page using the URL: https://admin.pingone.com/web-portal/login.

    Figure 1: Ping identity admin page

  2. Navigate to APPLICATIONS → My Applications → SAML tab for configuring a SAML application.

  3. Click the Add Application drop-down and select New SAML Application to create a new SAML application.

    Figure 2: Create new SAML application

  4. In the Application Details section, enter the Application Name, Application Description, Category and update the Graphics icon as per your organization.  

    Figure 3: Enter application details

  5. Click Continue to Next Step to go to the Application Configuration section and update the following information:

    • Assertion Consumer Service (ACS): https://<FORTANIX_DSM_URL>/saml

    • Entity ID: https://<FORTANIX_DSM_URL>/saml/metadata.xml

    • Application URL: https://<FORTANIX_DSM_URL>

    Figure 4: Configure ping identity application

  6. Click Continue to Next Step to configure the SSO Attribute Mapping section.

  7. If you do not have any SSO Attribute Mapping, then click Continue to Next Step to configure Group Access.

    Figure 5: SSO attribute mapping

  8. In the Group Access section, click Add to add the group access for Domain Administrators and Users in the directory.  

    Figure 6: Adding group access

    Click Remove if you want to delete the Domain Administrator or User.

    Figure 7: Adding group access

  9. Review the setup and click the Download link to download the SAML Metadata and click Finish.

    Figure 8: Download SAML metadata

  10. Once done, you will be able to find the Fortanix application in the My Applications tab.  

    Figure 9: Application added successfully

4.0 Configure PingOne SSO in Fortanix DSM

Perform the following steps to integrate Fortanix DSM with PingOne using SAML configuration:

  1. Log in to Fortanix DSM using the URL: https://<FORTANIX_DSM_URL>/.

  2. In the Fortanix DSM user interface (UI), navigate to Settings → AUTHENTICATION tab, and select SINGLE SIGN-ON as the authentication method.

  3. Click ADD SAML INTEGRATION to add a new SAML integration.

    Figure 10: Select SSO

  4. On the Add SAML Integration page, do the following:

    • Click UPLOAD A FILE to browse and upload the SAML file downloaded in Step 8 of Section 3.0: Configure Ping Identity SSO.

      Figure 11: Upload SAML metadata

    • Customize the SSO by entering a name in the SSO Title field and a URL for the logo image in the Logo URL field.

    • Click ADD INTEGRATION.

    Figure 12: Customize SSO

  5. After successfully integrating Ping Identity SSO, Fortanix DSM displays the configured SSO as shown below:

    Figure 13: Ping identity configured

5.0 Test the Integration

Perform the following steps to verify the SSO integration:

  1. Log out of Fortanix DSM to sign in using SSO.  

  2. On the Fortanix DSM Login screen, click LOG IN WITH PINGONE SSO to log in using the newly added SSO configuration.

    Figure 14: Sign in using SSO

  3. You will now be automatically logged in to Fortanix DSM and reach the Fortanix DSM accounts page.

    NOTE

    Ensure that the users logging in to Fortanix DSM are part of the Users list in Ping Identity. A user can log in to Fortanix DSM using Ping Identity SSO only if their name exists in the Ping Identity user directory.

    Figure 15: Users added to ping identity