How to Configure PingOne and Azure AD

In this tutorial we will configure Azure AD using the metadata provided by the Udemy for Business team, or the metadata downloaded from PingOne.

If you don't have the metadata from the Udemy for Business team, or you're not sure how to download it, please refer to this article.

Create a New Application in Azure

1. Login to the classic Azure portal and select Active Directory.

AZURE.png

2. Next, click on Applications and then click Add new one from the bottom.

add_azure.png

3. Select Add an application from the gallery.

gallery.png

4. Select custom and set the name for the application.

set_the_name.png

5. Click on Configure single sign-on.

enable_sso.png

6. Select Microsoft Azure AD Single Sign-on.

microsoft_sso.png

7. In configuration, first click on Show advanced settings, and also check Configure the certificate used for federated single sign-on. As an Identifier use value “PingConnect”. As a Sign On URL, use value https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=<SaasID>”, where you need to replace <SaasID> with entityID from the PingOne metadata. As a Reply URL, use Assertion Consumer Service URL from the PingOne metadata.

configure_app.png

8. Configure the Federated SSO certificate.

federated_sso_certificate.png

9. Then you should see your finished SSO configuration in Azure. Don't forget to download XML metadata; you will need it to configure the customer connection in PingOne. You can check that you set up SSO and continue.

configure_sso_pingone.png

10. In the Users and Groups section, please select the users that you want to have access to the new application. Only added users will be able to use SSO. 

pingone_idp.png

11. In the Attributes section configure the attributes that are sent in SAML assertion. By clicking on Add user Attribute, you can add the attributes below. The Udemy for Business instance of PingOne supports the following attributes.

Required attributes:

SCIM.email: the unique email of the user

Optional attributes:

SCIM.name.givenName: the given (or first) name of the user

SCIM.name.middleName: the middle name (if any) of the user

SCIM.name.familyName: the family (or last) name of the user

SCIM.name.formatted: the fully formatted name of the user

groups: the list of groups to which user belongs

externalID: the user ID specified by customer

add_user_attribute.png

Updated
Was this article helpful?
0 out of 0 found this helpful
Contact Us

Related articles