Add Ping Identity as a single sign-on provider


Prerequisites:
  • Sso > Provider > Add, Delete, Edit, View permissions
  • Admin role in your organization’s Ping Identity account
  • User email addresses are the same in both Ping Identity and PureCloud

Add PureCloud as an application that organization members can access with the credentials to their Ping Identity account.

Notes:
  • PureCloud does not support assertion encryption for single sign-on third-party identity providers. The PureCloud login service requires Transport Layer Security (TLS). Since the channel is encrypted, there is no need to encrypt parts of the message.
  • Administrators can optionally disable the default PureCloud login and enforce authentication using an SSO provider only. For more information, see Configure PureCloud to authenticate with SSO only.

Configure Ping Identity

Create a custom PureCloud application

  1. In PingOne admin, click the My Applications tab.
  2. Click Add Application.
  3. Click New SAML Application.
  4. In the Application Details screen, complete the following fields. Leave the remaining fields blank or at the default settings.
    In this field…             Do this…
    Application Name           Type your PureCloud application name.
    Application Description    Type a short description of the application.
    Category                   From the list, select Collaboration.
  5. In the Application Configuration screen, complete the following fields. Leave the remaining fields blank or at the default settings.

    In this field…                       Do this…
    Protocol Version                     Click SAML v2.0.
    Assertion Consumer Services (ACS)    Type the URL for the AWS region where your PureCloud organization is located:
                                           • US East (N. Virginia): https://login.mypurecloud.com/saml
                                           • US West (Oregon): https://login.usw2.pure.cloud/saml
                                           • EU (Ireland): https://login.mypurecloud.ie/saml
                                           • EU (Frankfurt): https://login.mypurecloud.de/saml
                                           • Asia Pacific (Sydney): https://login.mypurecloud.com.au/saml
                                           • Asia Pacific (Tokyo): https://login.mypurecloud.jp/saml
    Entity ID                            Type a unique string that you want to use as the Entity ID, for example: mypurecloud.com/ping
    Single Logout Binding Type           Click Redirect.
    Signing Algorithm                    From the list, select RSA_SHA256.
  6. In the SSO Attribute Mapping screen, add the OrganizationName and SAML_SUBJECT attributes.

    For this attribute…    Do this…
    OrganizationName       1. Type your PureCloud organization short name.
                           2. Select the As Literal check box.
                           3. Select the Required check box.
    SAML_SUBJECT           Type Email.
  7. Click Save and Publish.

Get the certificate for PureCloud configuration

  1. In the My Applications tab, click the PureCloud application name to view the application details.
  2. Next to Signing Certificate, click Download.
  3. Open the certificate file with a plain text editor and do the following steps:
    1. Delete the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
    2. Save the certificate file.
Note: You can also download the SAML Metadata file at this time.

Configure PureCloud

      1. In PureCloud, click Admin.
      2. Under Integrations, click Single Sign-on.
      3. Click the Ping Identity tab.
      4. Enter the Identity Provider metadata gathered from PingOne.
        In this field…              Do this…
        Certificate                 1. Click Browse.
                                    2. Select the certificate you saved and click Open.
        Issuer URI                  1. In PingOne admin, click the My Applications tab to view the application details for your PureCloud application.
                                    2. Download the SAML Metadata file and open it in a text editor.
                                    3. Copy and paste the entityID, for example, https://pingone.com/idp/mypurecloud
        Target URI                  1. Type this string: https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=
                                    2. In the application details for your PureCloud application, find the idpid.
                                    3. Copy and paste the idpid to the string, for example: https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=fa60b90a-5b95-487c-807c-965de1f5db95
        Relying Party Identifier    1. In the application details for your PureCloud application, find the entityID.
                                    2. Copy and paste the entityID, for example: mypurecloud.com/ping

        Note: The entityID in the SAML Metadata file and the entity ID in the application details for your PureCloud application have different values and functionality.
      5. Click Save.
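
The Certificate and Issuer URI values above both come from PingOne, so they can be cross-checked before upload. The following Python is an added example, not part of the PureCloud or Ping Identity documentation: it confirms that the downloaded signing certificate file is the certificate published in the SAML Metadata file, then returns the entityID and the certificate body with the BEGIN/END lines removed. The function names are assumptions made for this example, and the sample input is constructed placeholder data, not a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def pem_body(pem_text):
    """Base64 body of a PEM certificate, BEGIN/END lines and blank lines removed."""
    lines = (line.strip() for line in pem_text.splitlines())
    return "".join(l for l in lines if l and not l.startswith("-----"))

def sha256_fingerprint(b64_cert):
    """SHA-256 over the decoded bytes, so base64 line wrapping does not matter."""
    der = base64.b64decode("".join(b64_cert.split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def read_idp_metadata(xml_text):
    """Return (entityID, set of fingerprints of the IdP signing certificates)."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not declare a DTD or entities")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    prints = set()
    for key in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if key.get("use", "signing") == "signing":  # no 'use' covers signing too
            for cert in key.findall(".//ds:X509Certificate", NS):
                prints.add(sha256_fingerprint(cert.text or ""))
    if not prints:
        raise ValueError("no signing certificate in metadata")
    return root.get("entityID"), prints

def check_download(pem_text, metadata_xml):
    """Issuer URI and upload-ready body, only if the file matches the metadata."""
    issuer, prints = read_idp_metadata(metadata_xml)
    body = pem_body(pem_text)
    if sha256_fingerprint(body) not in prints:
        raise ValueError("downloaded certificate is not the one in the metadata")
    return issuer, body

# Constructed sample input: placeholder bytes, not a real certificate.
SAMPLE_B64 = base64.b64encode(b"constructed sample, not a real certificate").decode()
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % SAMPLE_B64
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s"
 entityID="https://pingone.com/idp/mypurecloud"><md:IDPSSODescriptor
 protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor
 use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>
</ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>
""" % (NS["md"], NS["ds"], SAMPLE_B64)
```

A mismatch between the two files means the certificate or the metadata was taken from a different application or has been altered since download, and neither value should be entered in PureCloud until the files are downloaded again.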