1.0 Introduction
This article describes how to integrate Fortanix Data Security Manager (DSM) with Ping Identity using SAML configuration.
It also contains the information that a user requires to:
Configure Single Sign-On (SSO) mapping details in Ping Identity.
Configure group access in Ping Identity.
Perform SSO SAML authentication with Ping Identity in Fortanix DSM.
2.0 Prerequisites
Ensure the following:
An account on Fortanix DSM. For more information on how to create an account, refer to the User's Guide: Getting Started with Fortanix Data Security Manager - UI.
Ping Identity is installed and pre-configured on the system.
3.0 Configure Ping Identity SSO
Perform the following steps to add Fortanix DSM as a SAML application in Ping Identity:
Log in to the Ping Identity admin page using the URL: https://admin.pingone.com/web-portal/login.
Figure 1: Ping Identity admin page
Navigate to APPLICATIONS → My Applications → SAML tab for configuring a SAML application.
Click the Add Application drop-down and select New SAML Application to create a new SAML application.
Figure 2: Create new SAML application
In the Application Details section, enter the Application Name, Application Description, and Category, and update the Graphics icon as per your organization.
Figure 3: Enter application details
Click Continue to Next Step to go to the Application Configuration section and update the following information:
Assertion Consumer Service (ACS): https://<FORTANIX_DSM_URL>/saml
Entity ID: https://<FORTANIX_DSM_URL>/saml/metadata.xml
Application URL: https://<FORTANIX_DSM_URL>
Figure 4: Configure Ping Identity application
Click Continue to Next Step to configure the SSO Attribute Mapping section.
If you do not have any SSO Attribute Mapping, then click Continue to Next Step to configure Group Access.
Figure 5: SSO attribute mapping
In the Group Access section, click Add to add the group access for Domain Administrators and Users in the directory.
Figure 6: Adding group access
Click Remove if you want to delete the Domain Administrator or User.
Figure 7: Adding group access
Review the setup and click the Download link to download the SAML Metadata and click Finish.
Figure 8: Download SAML metadata
Once done, you will be able to find the Fortanix application in the My Applications tab.
Figure 9: Application added successfully
4.0 Configure PingOne SSO in Fortanix DSM
Perform the following steps to integrate Fortanix DSM with PingOne using SAML configuration:
Log in to Fortanix DSM using the URL: https://<FORTANIX_DSM_URL>/.
In the Fortanix DSM user interface (UI), navigate to Settings → AUTHENTICATION tab, and select SINGLE SIGN-ON as the authentication method.
Click ADD SAML INTEGRATION to add a new SAML integration.
Figure 10: Select SSO
On the Add SAML Integration page, do the following:
Click UPLOAD A FILE to browse and upload the SAML file downloaded in Step 8 of Section 3.0: Configure Ping Identity SSO.
Figure 11: Upload SAML metadata
Customize the SSO by adding a name in the SSO Title field and a URL for the logo image in the Logo URL field.
Click ADD INTEGRATION.
Figure 12: Customize SSO
After successfully integrating Ping Identity SSO, Fortanix DSM displays the configured SSO as shown below:
Figure 13: Ping Identity configured
5.0 Test the Integration
Perform the following steps to verify the SSO integration:
Log out of Fortanix DSM to sign in using SSO.
On the Fortanix DSM Login screen, click LOG IN WITH PINGONE SSO to log in using the newly added SSO configuration.
Figure 14: Sign in using SSO
You will now be automatically logged in to Fortanix DSM and reach the Fortanix DSM accounts page.
NOTE
Ensure that the users logging in to Fortanix DSM are part of the Users list in Ping Identity. A user can log in to Fortanix DSM using Ping Identity SSO only if their name exists in the Ping Identity user directory.
Figure 15: Users added to Ping Identity