How to Configure PingOne and Azure AD

In this tutorial, we will configure Azure AD using the metadata provided by the Udemy for Business team or the metadata downloaded from PingOne.

If you don’t have the metadata from the Udemy for Business team, or you’re not sure how to download it, please refer to this article.

Create a New Application in Azure

Log in to the Azure portal and click on Azure Active Directory.

Azure_1.png

Next, click on Enterprise applications.

Azure_2.png

and then + New application.

Azure_3.png

Select Non-gallery application.

Azure_4.png

Set the name for the application and click on Add.

Azure_5.pngClick on Configure single sign-on.

Azure_6.png

On Single Sign-on Mode, select SAML-based Sign-on.

Azure_7.png

As Identifier use the value PingConnect.

As Reply URL use the value https://sso.connect.pingidentity.com/sso/sp/ACS.saml2

Click on Show advanced URL settings to show the Sign on URL and use the value
https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=PingConnect

Azure_8.png

User Attributes

Select user.mail on the select box User Identifier.

Click on the box View and edit all other user attributes to configure the attributes that will be sent in SAML assertion.

Azure_9.png

The Udemy for Business instance of PingOne supports the following attributes:

Required attributes:
SCIM.email: the unique email of the user

Optional attributes:
SCIM.name.givenName: the given (or first) name of the user
SCIM.name.middleName: the middle name (if any) of the user
SCIM.name.familyName: the family (or last) name of the user
SCIM.name.formatted: the fully formatted name of the user
groups: the list of groups to which user belongs
externalID: the user ID specified by the customer

All attributes are case sensitive.

To change each attribute, click on the respective row.

Azure_10.png

Add the name as described in the provided table, select the compatible value and click on Ok.
Do not forget to remove the Namespace value.

To add more attributes to your SAML assertion, click on Add attribute.

Azure_11.png

Click on Save to finish configuring.

Click on the link Metadata XML to export the metadata xml file.

Azure_12.png

To give users access to the new application, click one more time on Azure Active Directory.

Azure_13.png

Then on Enterprise applications.

Azure_14.png

Then on your newly created application.

Azure_15.png

Then on Users and groups.

Azure_16.png

And on + Add user, for each user.

Only added users would be able to use SSO.

Azure_17.png

 

Updated
Was this article helpful?
0 out of 0 found this helpful
Contact Us

Related articles